Botan
1.11.15
|
#include <tls_ciphersuite.h>
Public Member Functions | |
const std::string & | cipher_algo () const |
size_t | cipher_keylen () const |
Ciphersuite () | |
u16bit | ciphersuite_code () const |
bool | ecc_ciphersuite () const |
const std::string & | kex_algo () const |
const std::string & | mac_algo () const |
size_t | mac_keylen () const |
size_t | nonce_bytes_from_handshake () const |
size_t | nonce_bytes_from_record () const |
const std::string & | prf_algo () const |
bool | psk_ciphersuite () const |
const std::string & | sig_algo () const |
std::string | to_string () const |
bool | valid () const |
Static Public Member Functions | |
static const std::vector < Ciphersuite > & | all_known_ciphersuites () |
static Ciphersuite | by_id (u16bit suite) |
static Ciphersuite | by_name (const std::string &name) |
static bool | is_scsv (u16bit suite) |
Ciphersuite Information
Definition at line 22 of file tls_ciphersuite.h.
Botan::TLS::Ciphersuite::Ciphersuite | ( | ) | [inline] |
const std::vector< Ciphersuite > & Botan::TLS::Ciphersuite::all_known_ciphersuites | ( | ) | [static] |
Generate a static list of all known ciphersuites and return it.
Definition at line 45 of file tls_ciphersuite.cpp.
Referenced by by_name(), and Botan::TLS::Policy::ciphersuite_list().
{ static std::vector<Ciphersuite> all_ciphersuites(gather_known_ciphersuites()); return all_ciphersuites; }
Ciphersuite Botan::TLS::Ciphersuite::by_id | ( | u16bit | suite | ) | [static] |
Convert an SSL/TLS ciphersuite to algorithm fields
suite | the ciphersuite code number |
Definition at line 17 of file tls_suite_info.cpp.
References Ciphersuite().
Referenced by Botan::TLS::Session::ciphersuite(), and Botan::TLS::Handshake_State::server_hello().
{ switch(suite) { case 0x0013: // DHE_DSS_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x0013, "DSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20); case 0x0032: // DHE_DSS_WITH_AES_128_CBC_SHA return Ciphersuite(0x0032, "DSA", "DH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x0040: // DHE_DSS_WITH_AES_128_CBC_SHA256 return Ciphersuite(0x0040, "DSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); case 0x00A2: // DHE_DSS_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x00A2, "DSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0038: // DHE_DSS_WITH_AES_256_CBC_SHA return Ciphersuite(0x0038, "DSA", "DH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x006A: // DHE_DSS_WITH_AES_256_CBC_SHA256 return Ciphersuite(0x006A, "DSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); case 0x00A3: // DHE_DSS_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x00A3, "DSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0044: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA return Ciphersuite(0x0044, "DSA", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20); case 0x00BD: // DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 return Ciphersuite(0x00BD, "DSA", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC080: // DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 return Ciphersuite(0xC080, "DSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0087: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA return Ciphersuite(0x0087, "DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20); case 0x00C3: // DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 return Ciphersuite(0x00C3, "DSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32); case 0xC081: // DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC081, "DSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0066: // DHE_DSS_WITH_RC4_128_SHA return Ciphersuite(0x0066, "DSA", "DH", "RC4", 16, 0, 0, "SHA-1", 20); case 0x0099: // DHE_DSS_WITH_SEED_CBC_SHA return Ciphersuite(0x0099, "DSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20); case 0x008F: // DHE_PSK_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x008F, "", "DHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20); case 0x0090: // DHE_PSK_WITH_AES_128_CBC_SHA return Ciphersuite(0x0090, "", "DHE_PSK", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x00B2: // DHE_PSK_WITH_AES_128_CBC_SHA256 return Ciphersuite(0x00B2, "", "DHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC0A6: // DHE_PSK_WITH_AES_128_CCM return Ciphersuite(0xC0A6, "", "DHE_PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x00AA: // DHE_PSK_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x00AA, "", "DHE_PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xFFFA: // DHE_PSK_WITH_AES_128_OCB_SHA256 return Ciphersuite(0xFFFA, "", "DHE_PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); case 0x0091: // DHE_PSK_WITH_AES_256_CBC_SHA return Ciphersuite(0x0091, "", "DHE_PSK", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x00B3: // DHE_PSK_WITH_AES_256_CBC_SHA384 return Ciphersuite(0x00B3, "", "DHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48); case 0xC0A7: // DHE_PSK_WITH_AES_256_CCM return Ciphersuite(0xC0A7, "", "DHE_PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x00AB: // DHE_PSK_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x00AB, "", "DHE_PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xFFFB: // DHE_PSK_WITH_AES_256_OCB_SHA256 return Ciphersuite(0xFFFB, "", "DHE_PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); case 0xC096: // DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 return Ciphersuite(0xC096, "", "DHE_PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC090: // DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 return Ciphersuite(0xC090, "", "DHE_PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC097: // DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 return Ciphersuite(0xC097, "", "DHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); case 0xC091: // DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC091, "", "DHE_PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x008E: // DHE_PSK_WITH_RC4_128_SHA return Ciphersuite(0x008E, "", "DHE_PSK", "RC4", 16, 0, 0, "SHA-1", 20); case 0x0016: // DHE_RSA_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x0016, "RSA", "DH", "3DES", 24, 8, 0, "SHA-1", 20); case 0x0033: // DHE_RSA_WITH_AES_128_CBC_SHA return Ciphersuite(0x0033, "RSA", "DH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x0067: // DHE_RSA_WITH_AES_128_CBC_SHA256 return Ciphersuite(0x0067, "RSA", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC09E: // DHE_RSA_WITH_AES_128_CCM return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A2: // DHE_RSA_WITH_AES_128_CCM_8 return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x009E: // DHE_RSA_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x009E, "RSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xFFF4: // DHE_RSA_WITH_AES_128_OCB_SHA256 return Ciphersuite(0xFFF4, "RSA", "DH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); case 0x0039: // DHE_RSA_WITH_AES_256_CBC_SHA return Ciphersuite(0x0039, "RSA", "DH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x006B: // DHE_RSA_WITH_AES_256_CBC_SHA256 return Ciphersuite(0x006B, "RSA", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); case 0xC09F: // DHE_RSA_WITH_AES_256_CCM return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A3: // DHE_RSA_WITH_AES_256_CCM_8 return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x009F: // DHE_RSA_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x009F, "RSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xFFF5: // DHE_RSA_WITH_AES_256_OCB_SHA256 return Ciphersuite(0xFFF5, "RSA", "DH", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); case 0x0045: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA return Ciphersuite(0x0045, "RSA", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20); case 0x00BE: // DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 return Ciphersuite(0x00BE, "RSA", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC07C: // DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 return Ciphersuite(0xC07C, "RSA", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0088: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA return Ciphersuite(0x0088, "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20); case 0x00C4: // DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 return Ciphersuite(0x00C4, "RSA", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32); case 0xC07D: // DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC07D, "RSA", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xCC15: // DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 return Ciphersuite(0xCC15, "RSA", "DH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"); case 0x009A: // DHE_RSA_WITH_SEED_CBC_SHA return Ciphersuite(0x009A, "RSA", "DH", "SEED", 16, 16, 0, "SHA-1", 20); case 0x001B: // DH_anon_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x001B, "", "DH", "3DES", 24, 8, 0, "SHA-1", 20); case 0x0034: // DH_anon_WITH_AES_128_CBC_SHA return Ciphersuite(0x0034, "", "DH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x006C: // DH_anon_WITH_AES_128_CBC_SHA256 return Ciphersuite(0x006C, "", "DH", "AES-128", 16, 16, 0, "SHA-256", 32); case 0x00A6: // DH_anon_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x00A6, "", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x003A: // DH_anon_WITH_AES_256_CBC_SHA return Ciphersuite(0x003A, "", "DH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x006D: // DH_anon_WITH_AES_256_CBC_SHA256 return Ciphersuite(0x006D, "", "DH", "AES-256", 32, 16, 0, "SHA-256", 32); case 0x00A7: // DH_anon_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x00A7, "", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0046: // DH_anon_WITH_CAMELLIA_128_CBC_SHA return Ciphersuite(0x0046, "", "DH", "Camellia-128", 16, 16, 0, "SHA-1", 20); case 0x00BF: // DH_anon_WITH_CAMELLIA_128_CBC_SHA256 return Ciphersuite(0x00BF, "", "DH", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC084: // DH_anon_WITH_CAMELLIA_128_GCM_SHA256 return Ciphersuite(0xC084, "", "DH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0089: // DH_anon_WITH_CAMELLIA_256_CBC_SHA return Ciphersuite(0x0089, "", "DH", "Camellia-256", 32, 16, 0, "SHA-1", 20); case 0x00C5: // DH_anon_WITH_CAMELLIA_256_CBC_SHA256 return Ciphersuite(0x00C5, "", "DH", "Camellia-256", 32, 16, 0, "SHA-256", 32); case 0xC085: // DH_anon_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC085, "", "DH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0018: // DH_anon_WITH_RC4_128_MD5 return Ciphersuite(0x0018, "", "DH", "RC4", 16, 0, 0, "MD5", 16); case 0x009B: // DH_anon_WITH_SEED_CBC_SHA return Ciphersuite(0x009B, "", "DH", "SEED", 16, 16, 0, "SHA-1", 20); case 0xC008: // ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0xC008, "ECDSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC009: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA return Ciphersuite(0xC009, "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC023: // ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 return Ciphersuite(0xC023, "ECDSA", "ECDH", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC0AC: // ECDHE_ECDSA_WITH_AES_128_CCM return Ciphersuite(0xC0AC, "ECDSA", "ECDH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0AE: // ECDHE_ECDSA_WITH_AES_128_CCM_8 return Ciphersuite(0xC0AE, "ECDSA", "ECDH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC02B: // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 return Ciphersuite(0xC02B, "ECDSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xFFF2: // ECDHE_ECDSA_WITH_AES_128_OCB_SHA256 return Ciphersuite(0xFFF2, "ECDSA", "ECDH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); case 0xC00A: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA return Ciphersuite(0xC00A, "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC024: // ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 return Ciphersuite(0xC024, "ECDSA", "ECDH", "AES-256", 32, 16, 0, "SHA-384", 48); case 0xC0AD: // ECDHE_ECDSA_WITH_AES_256_CCM return Ciphersuite(0xC0AD, "ECDSA", "ECDH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0AF: // ECDHE_ECDSA_WITH_AES_256_CCM_8 return Ciphersuite(0xC0AF, "ECDSA", "ECDH", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC02C: // ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 return Ciphersuite(0xC02C, "ECDSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xFFF3: // ECDHE_ECDSA_WITH_AES_256_OCB_SHA256 return Ciphersuite(0xFFF3, "ECDSA", "ECDH", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); case 0xC072: // ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 return Ciphersuite(0xC072, "ECDSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC086: // ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 return Ciphersuite(0xC086, "ECDSA", "ECDH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC073: // ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 return Ciphersuite(0xC073, "ECDSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48); case 0xC087: // ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC087, "ECDSA", "ECDH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xCC14: // ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 return Ciphersuite(0xCC14, "ECDSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"); case 0xC007: // ECDHE_ECDSA_WITH_RC4_128_SHA return Ciphersuite(0xC007, "ECDSA", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20); case 0xC034: // ECDHE_PSK_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0xC034, "", "ECDHE_PSK", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC035: // ECDHE_PSK_WITH_AES_128_CBC_SHA return Ciphersuite(0xC035, "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC037: // ECDHE_PSK_WITH_AES_128_CBC_SHA256 return Ciphersuite(0xC037, "", "ECDHE_PSK", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xFFF8: // ECDHE_PSK_WITH_AES_128_OCB_SHA256 return Ciphersuite(0xFFF8, "", "ECDHE_PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); case 0xC036: // ECDHE_PSK_WITH_AES_256_CBC_SHA return Ciphersuite(0xC036, "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC038: // ECDHE_PSK_WITH_AES_256_CBC_SHA384 return Ciphersuite(0xC038, "", "ECDHE_PSK", "AES-256", 32, 16, 0, "SHA-384", 48); case 0xFFF9: // ECDHE_PSK_WITH_AES_256_OCB_SHA256 return Ciphersuite(0xFFF9, "", "ECDHE_PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); case 0xC09A: // ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 return Ciphersuite(0xC09A, "", "ECDHE_PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC09B: // ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 return Ciphersuite(0xC09B, "", "ECDHE_PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); case 0xC033: // ECDHE_PSK_WITH_RC4_128_SHA return Ciphersuite(0xC033, "", "ECDHE_PSK", "RC4", 16, 0, 0, "SHA-1", 20); case 0xC012: // ECDHE_RSA_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0xC012, "RSA", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC013: // ECDHE_RSA_WITH_AES_128_CBC_SHA return Ciphersuite(0xC013, "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC027: // ECDHE_RSA_WITH_AES_128_CBC_SHA256 return Ciphersuite(0xC027, "RSA", "ECDH", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC02F: // ECDHE_RSA_WITH_AES_128_GCM_SHA256 return Ciphersuite(0xC02F, "RSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xFFF0: // ECDHE_RSA_WITH_AES_128_OCB_SHA256 return Ciphersuite(0xFFF0, "RSA", "ECDH", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); case 0xC014: // ECDHE_RSA_WITH_AES_256_CBC_SHA return Ciphersuite(0xC014, "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC028: // ECDHE_RSA_WITH_AES_256_CBC_SHA384 return Ciphersuite(0xC028, "RSA", "ECDH", "AES-256", 32, 16, 0, "SHA-384", 48); case 0xC030: // ECDHE_RSA_WITH_AES_256_GCM_SHA384 return Ciphersuite(0xC030, "RSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xFFF1: // ECDHE_RSA_WITH_AES_256_OCB_SHA256 return Ciphersuite(0xFFF1, "RSA", "ECDH", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); case 0xC076: // ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 return Ciphersuite(0xC076, "RSA", "ECDH", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC08A: // ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 return Ciphersuite(0xC08A, "RSA", "ECDH", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC077: // ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 return Ciphersuite(0xC077, "RSA", "ECDH", "Camellia-256", 32, 16, 0, "SHA-384", 48); case 0xC08B: // ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC08B, "RSA", "ECDH", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xCC13: // ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 return Ciphersuite(0xCC13, "RSA", "ECDH", "ChaCha20Poly1305", 32, 0, 0, "AEAD", 0, "SHA-256"); case 0xC011: // ECDHE_RSA_WITH_RC4_128_SHA return Ciphersuite(0xC011, "RSA", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20); case 0xC017: // ECDH_anon_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0xC017, "", "ECDH", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC018: // ECDH_anon_WITH_AES_128_CBC_SHA return Ciphersuite(0xC018, "", "ECDH", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC019: // ECDH_anon_WITH_AES_256_CBC_SHA return Ciphersuite(0xC019, "", "ECDH", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC016: // ECDH_anon_WITH_RC4_128_SHA return Ciphersuite(0xC016, "", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20); case 0xC0AA: // PSK_DHE_WITH_AES_128_CCM_8 return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0AB: // PSK_DHE_WITH_AES_256_CCM_8 return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, 0, "SHA-1", 20); case 0x008C: // PSK_WITH_AES_128_CBC_SHA return Ciphersuite(0x008C, "", "PSK", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x00AE: // PSK_WITH_AES_128_CBC_SHA256 return Ciphersuite(0x00AE, "", "PSK", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC0A4: // PSK_WITH_AES_128_CCM return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A8: // PSK_WITH_AES_128_CCM_8 return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x00A8: // PSK_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x00A8, "", "PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xFFF6: // PSK_WITH_AES_128_OCB_SHA256 return Ciphersuite(0xFFF6, "", "PSK", "AES-128/OCB(12)", 16, 4, 0, "AEAD", 0, "SHA-256"); case 0x008D: // PSK_WITH_AES_256_CBC_SHA return Ciphersuite(0x008D, "", "PSK", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x00AF: // PSK_WITH_AES_256_CBC_SHA384 return Ciphersuite(0x00AF, "", "PSK", "AES-256", 32, 16, 0, "SHA-384", 48); case 0xC0A5: // PSK_WITH_AES_256_CCM return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A9: // PSK_WITH_AES_256_CCM_8 return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x00A9: // PSK_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x00A9, "", "PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0xFFF7: // PSK_WITH_AES_256_OCB_SHA256 return Ciphersuite(0xFFF7, "", "PSK", "AES-256/OCB(12)", 32, 4, 0, "AEAD", 0, "SHA-256"); case 0xC094: // PSK_WITH_CAMELLIA_128_CBC_SHA256 return Ciphersuite(0xC094, "", "PSK", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC08E: // PSK_WITH_CAMELLIA_128_GCM_SHA256 return Ciphersuite(0xC08E, "", "PSK", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC095: // PSK_WITH_CAMELLIA_256_CBC_SHA384 return Ciphersuite(0xC095, "", "PSK", "Camellia-256", 32, 16, 0, "SHA-384", 48); case 0xC08F: // PSK_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC08F, "", "PSK", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x008A: // PSK_WITH_RC4_128_SHA return Ciphersuite(0x008A, "", "PSK", "RC4", 16, 0, 0, "SHA-1", 20); case 0x000A: // RSA_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x000A, "RSA", "RSA", "3DES", 24, 8, 0, "SHA-1", 20); case 0x002F: // RSA_WITH_AES_128_CBC_SHA return Ciphersuite(0x002F, "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-1", 20); case 0x003C: // RSA_WITH_AES_128_CBC_SHA256 return Ciphersuite(0x003C, "RSA", "RSA", "AES-128", 16, 16, 0, "SHA-256", 32); case 0xC09C: // RSA_WITH_AES_128_CCM return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A0: // RSA_WITH_AES_128_CCM_8 return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x009C: // RSA_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x009C, "RSA", "RSA", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0035: // RSA_WITH_AES_256_CBC_SHA return Ciphersuite(0x0035, "RSA", "RSA", "AES-256", 32, 16, 0, "SHA-1", 20); case 0x003D: // RSA_WITH_AES_256_CBC_SHA256 return Ciphersuite(0x003D, "RSA", "RSA", "AES-256", 32, 16, 0, "SHA-256", 32); case 0xC09D: // RSA_WITH_AES_256_CCM return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A1: // RSA_WITH_AES_256_CCM_8 return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x009D: // RSA_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x009D, "RSA", "RSA", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0041: // RSA_WITH_CAMELLIA_128_CBC_SHA return Ciphersuite(0x0041, "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-1", 20); case 0x00BA: // RSA_WITH_CAMELLIA_128_CBC_SHA256 return Ciphersuite(0x00BA, "RSA", "RSA", "Camellia-128", 16, 16, 0, "SHA-256", 32); case 0xC07A: // RSA_WITH_CAMELLIA_128_GCM_SHA256 return Ciphersuite(0xC07A, "RSA", "RSA", "Camellia-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x0084: // RSA_WITH_CAMELLIA_256_CBC_SHA return Ciphersuite(0x0084, "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-1", 20); case 0x00C0: // RSA_WITH_CAMELLIA_256_CBC_SHA256 return Ciphersuite(0x00C0, "RSA", "RSA", "Camellia-256", 32, 16, 0, "SHA-256", 32); case 0xC07B: // RSA_WITH_CAMELLIA_256_GCM_SHA384 return Ciphersuite(0xC07B, "RSA", "RSA", "Camellia-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); case 0x0004: // RSA_WITH_RC4_128_MD5 return Ciphersuite(0x0004, "RSA", "RSA", "RC4", 16, 0, 0, "MD5", 16); case 0x0005: // RSA_WITH_RC4_128_SHA return Ciphersuite(0x0005, "RSA", "RSA", "RC4", 16, 0, 0, "SHA-1", 20); case 0x0096: // RSA_WITH_SEED_CBC_SHA return Ciphersuite(0x0096, "RSA", "RSA", "SEED", 16, 16, 0, "SHA-1", 20); case 0xC01C: // SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0xC01C, "DSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC01F: // SRP_SHA_DSS_WITH_AES_128_CBC_SHA return Ciphersuite(0xC01F, "DSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC022: // SRP_SHA_DSS_WITH_AES_256_CBC_SHA return Ciphersuite(0xC022, "DSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC01B: // SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0xC01B, "RSA", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC01E: // SRP_SHA_RSA_WITH_AES_128_CBC_SHA return Ciphersuite(0xC01E, "RSA", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC021: // SRP_SHA_RSA_WITH_AES_256_CBC_SHA return Ciphersuite(0xC021, "RSA", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); case 0xC01A: // SRP_SHA_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0xC01A, "", "SRP_SHA", "3DES", 24, 8, 0, "SHA-1", 20); case 0xC01D: // SRP_SHA_WITH_AES_128_CBC_SHA return Ciphersuite(0xC01D, "", "SRP_SHA", "AES-128", 16, 16, 0, "SHA-1", 20); case 0xC020: // SRP_SHA_WITH_AES_256_CBC_SHA return Ciphersuite(0xC020, "", "SRP_SHA", "AES-256", 32, 16, 0, "SHA-1", 20); } return Ciphersuite(); // some unknown ciphersuite }
Ciphersuite Botan::TLS::Ciphersuite::by_name | ( | const std::string & | name | ) | [static] |
Lookup a ciphersuite by name
name | the name (eg TLS_RSA_WITH_RC4_128_SHA) |
Definition at line 51 of file tls_ciphersuite.cpp.
References all_known_ciphersuites(), and Ciphersuite().
{ for(auto suite : all_known_ciphersuites()) { if(suite.to_string() == name) return suite; } return Ciphersuite(); // some unknown ciphersuite }
const std::string& Botan::TLS::Ciphersuite::cipher_algo | ( | ) | const [inline] |
Definition at line 85 of file tls_ciphersuite.h.
Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), to_string(), and valid().
{ return m_cipher_algo; }
size_t Botan::TLS::Ciphersuite::cipher_keylen | ( | ) | const [inline] |
Definition at line 100 of file tls_ciphersuite.h.
Referenced by to_string().
{ return m_cipher_keylen; }
u16bit Botan::TLS::Ciphersuite::ciphersuite_code | ( | ) | const [inline] |
Definition at line 60 of file tls_ciphersuite.h.
{ return m_ciphersuite_code; }
bool Botan::TLS::Ciphersuite::ecc_ciphersuite | ( | ) | const |
Definition at line 98 of file tls_ciphersuite.cpp.
References kex_algo(), and sig_algo().
bool Botan::TLS::Ciphersuite::is_scsv | ( | u16bit | suite | ) | [static] |
Returns true iff this suite is a known SCSV
Definition at line 62 of file tls_ciphersuite.cpp.
{ // TODO: derive from IANA file in script return (suite == 0x00FF || suite == 0x5600); }
const std::string& Botan::TLS::Ciphersuite::kex_algo | ( | ) | const [inline] |
Definition at line 75 of file tls_ciphersuite.h.
Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), ecc_ciphersuite(), psk_ciphersuite(), Botan::TLS::Server_Key_Exchange::Server_Key_Exchange(), to_string(), and valid().
{ return m_kex_algo; }
const std::string& Botan::TLS::Ciphersuite::mac_algo | ( | ) | const [inline] |
Definition at line 90 of file tls_ciphersuite.h.
Referenced by Botan::TLS::Connection_Cipher_State::Connection_Cipher_State(), to_string(), and valid().
{ return m_mac_algo; }
size_t Botan::TLS::Ciphersuite::mac_keylen | ( | ) | const [inline] |
Definition at line 106 of file tls_ciphersuite.h.
{ return m_mac_keylen; }
size_t Botan::TLS::Ciphersuite::nonce_bytes_from_handshake | ( | ) | const [inline] |
Definition at line 104 of file tls_ciphersuite.h.
{ return m_nonce_bytes_from_handshake; }
size_t Botan::TLS::Ciphersuite::nonce_bytes_from_record | ( | ) | const [inline] |
Definition at line 102 of file tls_ciphersuite.h.
{ return m_nonce_bytes_from_record; }
const std::string& Botan::TLS::Ciphersuite::prf_algo | ( | ) | const [inline] |
Definition at line 92 of file tls_ciphersuite.h.
Referenced by Botan::TLS::Handshake_State::protocol_specific_prf(), to_string(), and valid().
{ return (m_prf_algo != "") ? m_prf_algo : m_mac_algo; }
bool Botan::TLS::Ciphersuite::psk_ciphersuite | ( | ) | const |
Definition at line 91 of file tls_ciphersuite.cpp.
References kex_algo().
const std::string& Botan::TLS::Ciphersuite::sig_algo | ( | ) | const [inline] |
Definition at line 80 of file tls_ciphersuite.h.
Referenced by ecc_ciphersuite(), Botan::TLS::Server_Key_Exchange::Server_Key_Exchange(), to_string(), and valid().
{ return m_sig_algo; }
std::string Botan::TLS::Ciphersuite::to_string | ( | ) | const |
Formats the ciphersuite back to an RFC-style ciphersuite string
Definition at line 214 of file tls_ciphersuite.cpp.
References cipher_algo(), cipher_keylen(), Botan::erase_chars(), kex_algo(), mac_algo(), prf_algo(), Botan::replace_chars(), and sig_algo().
{ if(m_cipher_keylen == 0) throw std::runtime_error("Ciphersuite::to_string - no value set"); std::ostringstream out; out << "TLS_"; if(kex_algo() != "RSA") { if(kex_algo() == "DH") out << "DHE"; else if(kex_algo() == "ECDH") out << "ECDHE"; else out << kex_algo(); out << '_'; } if(sig_algo() == "DSA") out << "DSS_"; else if(sig_algo() != "") out << sig_algo() << '_'; out << "WITH_"; if(cipher_algo() == "RC4") { out << "RC4_128_"; } else if(cipher_algo() == "ChaCha20Poly1305") { out << "CHACHA20_POLY1305_"; } else { if(cipher_algo() == "3DES") out << "3DES_EDE"; else if(cipher_algo().find("Camellia") == 0) out << "CAMELLIA_" << std::to_string(8*cipher_keylen()); else { if(cipher_algo().find("OCB(12)") != std::string::npos) out << replace_chars(cipher_algo().substr(0, cipher_algo().size() - 4), {'-', '/'}, '_'); else out << replace_chars(cipher_algo(), {'-', '/'}, '_'); } if(cipher_algo().find("/") != std::string::npos) out << "_"; // some explicit mode already included else out << "_CBC_"; } if(mac_algo() == "SHA-1") out << "SHA"; else if(mac_algo() == "AEAD") out << erase_chars(prf_algo(), {'-'}); else out << erase_chars(mac_algo(), {'-'}); return out.str(); }
bool Botan::TLS::Ciphersuite::valid | ( | ) | const |
Definition at line 123 of file tls_ciphersuite.cpp.
References BOTAN_ASSERT, cipher_algo(), kex_algo(), mac_algo(), prf_algo(), sig_algo(), and Botan::split_on().
{ if(!m_cipher_keylen) // uninitialized object return false; if(!have_hash(prf_algo())) return false; if(mac_algo() == "AEAD") { if(cipher_algo() == "ChaCha20Poly1305") { #if !defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305) return false; #endif } else { auto cipher_and_mode = split_on(cipher_algo(), '/'); BOTAN_ASSERT(cipher_and_mode.size() == 2, "Expected format for AEAD algo"); if(!have_cipher(cipher_and_mode[0])) return false; const auto mode = cipher_and_mode[1]; #if !defined(BOTAN_HAS_AEAD_CCM) if(mode == "CCM" || mode == "CCM-8") return false; #endif #if !defined(BOTAN_HAS_AEAD_GCM) if(mode == "GCM") return false; #endif #if !defined(BOTAN_HAS_AEAD_OCB) if(mode == "OCB(12)" || mode == "OCB") return false; #endif } } else { // Old non-AEAD schemes if(!have_cipher(cipher_algo())) return false; if(!have_hash(mac_algo())) // HMAC return false; } if(kex_algo() == "SRP_SHA") { #if !defined(BOTAN_HAS_SRP6) return false; #endif } else if(kex_algo() == "ECDH" || kex_algo() == "ECDHE_PSK") { #if !defined(BOTAN_HAS_ECDH) return false; #endif } else if(kex_algo() == "DH" || kex_algo() == "DHE_PSK") { #if !defined(BOTAN_HAS_DIFFIE_HELLMAN) return false; #endif } if(sig_algo() == "DSA") { #if !defined(BOTAN_HAS_DSA) return false; #endif } else if(sig_algo() == "ECDSA") { #if !defined(BOTAN_HAS_ECDSA) return false; #endif } else if(sig_algo() == "RSA") { #if !defined(BOTAN_HAS_RSA) return false; #endif } return true; }