Botan  1.11.15
Botan::TLS::Connection_Cipher_State Class Reference

#include <tls_record.h>


Public Member Functions

AEAD_Mode * aead ()
const secure_vector< byte > & aead_nonce (u64bit seq)
const secure_vector< byte > & aead_nonce (const byte record[], size_t record_len, u64bit seq)
std::chrono::seconds age () const
BlockCipher * block_cipher ()
size_t block_size () const
secure_vector< byte > & cbc_state ()
bool cbc_without_explicit_iv () const
 Connection_Cipher_State (Protocol_Version version, Connection_Side which_side, bool is_our_side, const Ciphersuite &suite, const Session_Keys &keys)
const secure_vector< byte > & format_ad (u64bit seq, byte type, Protocol_Version version, u16bit ptext_length)
size_t iv_size () const
MessageAuthenticationCode * mac ()
size_t mac_size () const
size_t nonce_bytes_from_handshake () const
size_t nonce_bytes_from_record () const
StreamCipher * stream_cipher ()

Detailed Description

TLS Cipher State

Definition at line 32 of file tls_record.h.


Constructor & Destructor Documentation

Botan::TLS::Connection_Cipher_State::Connection_Cipher_State ( Protocol_Version  version,
Connection_Side  which_side,
bool  is_our_side,
const Ciphersuite & suite,
const Session_Keys & keys
)

Initialize a new cipher state

Definition at line 23 of file tls_record.cpp.

References aead(), Botan::OctetString::bits_of(), BOTAN_ASSERT, BOTAN_ASSERT_EQUAL, Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::CLIENT, Botan::TLS::Session_Keys::client_cipher_key(), Botan::TLS::Session_Keys::client_iv(), Botan::TLS::Session_Keys::client_mac_key(), Botan::DECRYPTION, Botan::ENCRYPTION, Botan::get_aead(), Botan::get_block_cipher(), Botan::get_mac(), Botan::get_stream_cipher(), Botan::OctetString::length(), Botan::TLS::Ciphersuite::mac_algo(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::TLS::Session_Keys::server_cipher_key(), Botan::TLS::Session_Keys::server_iv(), Botan::TLS::Session_Keys::server_mac_key(), and Botan::TLS::Protocol_Version::supports_explicit_cbc_ivs().

                                                                           :
   m_start_time(std::chrono::system_clock::now()),
   m_nonce_bytes_from_handshake(suite.nonce_bytes_from_handshake()),
   m_nonce_bytes_from_record(suite.nonce_bytes_from_record())
   {
   // Builds the record-protection state for one direction of a connection:
   // selects that side's cipher key, IV and MAC key from the session keys,
   // then sets up either an AEAD mode or a block/stream cipher plus HMAC.
   // Throws Invalid_Argument when the suite's cipher name matches none of them.
   //
   // NOTE(review): `side` and `our_side` are the parameters the rendered
   // signature lists as `which_side` and `is_our_side` - presumably the names
   // used in tls_record.cpp; confirm against the source file.
   // NOTE(review): m_block_size and m_iv_size are not set in the initializer
   // list above, yet cbc_without_explicit_iv() compares both with 0 -
   // presumably they have in-class initializers in tls_record.h; confirm.
   SymmetricKey mac_key, cipher_key;
   InitializationVector iv;

   // Client-side and server-side states take separate key, IV and MAC key values.
   if(side == CLIENT)
      {
      cipher_key = keys.client_cipher_key();
      iv = keys.client_iv();
      mac_key = keys.client_mac_key();
      }
   else
      {
      cipher_key = keys.server_cipher_key();
      iv = keys.server_iv();
      mac_key = keys.server_mac_key();
      }

   const std::string cipher_algo = suite.cipher_algo();
   const std::string mac_algo = suite.mac_algo();

   // AEAD suites: the state for our own side encrypts, the peer's side decrypts.
   if(AEAD_Mode* aead = get_aead(cipher_algo, our_side ? ENCRYPTION : DECRYPTION))
      {
      m_aead.reset(aead);
      // The AEAD key is the cipher key with the MAC key appended.
      m_aead->set_key(cipher_key + mac_key);

      // The handshake IV becomes the fixed leading part of every record nonce.
      BOTAN_ASSERT_EQUAL(iv.length(), nonce_bytes_from_handshake(), "Matching nonce sizes");
      m_nonce = iv.bits_of();

      // Only 0 or 8 per-record nonce bytes are supported. This check is also
      // what keeps the copy in aead_nonce(record, ...) inside the 8 bytes
      // appended below.
      // NOTE(review): that bound holds only if BOTAN_ASSERT stays active in
      // release builds - confirm.
      BOTAN_ASSERT(nonce_bytes_from_record() == 0 || nonce_bytes_from_record() == 8,
                   "Ciphersuite uses implemented IV length");

      // Reserve 8 trailing bytes for the per-record part written by aead_nonce().
      m_nonce.resize(m_nonce.size() + 8);
      // Early return: the AEAD path never reaches the m_mac setup below, so
      // mac_size() (which dereferences m_mac) must not be called on this state.
      return;
      }

   if(BlockCipher* bc = get_block_cipher(cipher_algo))
      {
      // NOTE(review): only the clone is kept; bc itself is neither stored nor
      // released here. If get_block_cipher() returns an owning pointer this
      // leaks one object per cipher state - confirm the ownership contract.
      m_block_cipher.reset(bc->clone());
      m_block_cipher->set_key(cipher_key);
      // The CBC chaining state starts out as the handshake IV.
      m_block_cipher_cbc_state = iv.bits_of();
      m_block_size = bc->block_size();

      // A per-record IV of one block is used only when the protocol version
      // supports it; otherwise m_iv_size is left untouched here and
      // cbc_without_explicit_iv() reports the chained-IV mode.
      if(version.supports_explicit_cbc_ivs())
         m_iv_size = m_block_size;
      }
   else if(StreamCipher* sc = get_stream_cipher(cipher_algo))
      {
      // NOTE(review): same ownership question as for bc above - confirm.
      m_stream_cipher.reset(sc->clone());
      m_stream_cipher->set_key(cipher_key);
      }
   else
      throw Invalid_Argument("Unknown TLS cipher " + cipher_algo);

   // NOTE(review): the result of get_mac() is dereferenced on the next
   // statement without a null check. Whether get_mac() throws or returns
   // null for an unknown hash name is not visible here - confirm.
   m_mac.reset(get_mac("HMAC(" + mac_algo + ")"));

   m_mac->set_key(mac_key);
   }

Member Function Documentation

Definition at line 44 of file tls_record.h.

Referenced by Connection_Cipher_State(), and Botan::TLS::write_record().

// aead(): non-owning pointer to the AEAD mode; m_aead keeps ownership.
// Only the constructor's AEAD branch assigns m_aead, so for CBC and stream
// suites the result is presumably null - callers should check it.
{ return m_aead.get(); }
const secure_vector< byte > & Botan::TLS::Connection_Cipher_State::aead_nonce ( u64bit  seq)

Definition at line 89 of file tls_record.cpp.

References nonce_bytes_from_handshake(), and Botan::store_be().

Referenced by Botan::TLS::write_record().

   {
   // Nonce built from the sequence number alone: seq is stored big-endian
   // in the 8 bytes that follow the handshake-derived prefix of m_nonce.
   // Nonce uniqueness under one key therefore rests on seq never repeating.
   store_be(seq, &m_nonce[nonce_bytes_from_handshake()]);
   // Reference to the member buffer; the next aead_nonce() call overwrites it.
   return m_nonce;
   }
const secure_vector< byte > & Botan::TLS::Connection_Cipher_State::aead_nonce ( const byte  record[],
size_t  record_len,
u64bit  seq 
)

Definition at line 96 of file tls_record.cpp.

References Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), and Botan::store_be().

   {
   // Nonce for a record whose bytes are supplied by the caller: when the
   // suite carries an explicit nonce, it is taken from the start of the
   // record; otherwise the sequence number is used.
   // Throws Decoding_Error if the record is shorter than the explicit nonce.
   if(nonce_bytes_from_record())
      {
      // Length check comes before the copy, so a truncated record is
      // rejected instead of being read past its end.
      if(record_len < nonce_bytes_from_record())
         throw Decoding_Error("Invalid AEAD packet too short to be valid");
      // Destination bound: the constructor appends 8 bytes after the
      // handshake prefix and asserts nonce_bytes_from_record() is 0 or 8.
      copy_mem(&m_nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record());
      }
   else
      {
      /*
      nonce_len == 0 is assumed to mean no nonce in the message but
      instead the AEAD uses the seq number in network order.
      */
      store_be(seq, &m_nonce[nonce_bytes_from_handshake()]);
      }
   // Reference to the member buffer; the next aead_nonce() call overwrites it.
   return m_nonce;
   }
std::chrono::seconds Botan::TLS::Connection_Cipher_State::age ( ) const [inline]

Definition at line 75 of file tls_record.h.

         {
         // Whole seconds elapsed since this cipher state was constructed.
         // NOTE(review): both timestamps come from system_clock (wall clock),
         // so a clock adjustment can make the result jump or go negative.
         // Confirm that any key- or session-lifetime decision based on age()
         // tolerates that.
         return std::chrono::duration_cast<std::chrono::seconds>(
            std::chrono::system_clock::now() - m_start_time);
         }

Definition at line 54 of file tls_record.h.

Referenced by Botan::TLS::write_record().

// block_cipher(): non-owning pointer to the block cipher; m_block_cipher keeps
// ownership. It is assigned only in the constructor's block-cipher branch.
{ return m_block_cipher.get(); }

Definition at line 62 of file tls_record.h.

Referenced by Botan::TLS::write_record().

// block_size(): block size recorded by the constructor's block-cipher branch.
// NOTE(review): the value for AEAD and stream suites depends on the member's
// default, which is not visible here - presumably 0; confirm.
{ return m_block_size; }

Definition at line 60 of file tls_record.h.

Referenced by Botan::TLS::write_record().

// cbc_state(): mutable reference to the CBC chaining state, which the
// constructor seeds with the handshake IV; callers can update it in place.
{ return m_block_cipher_cbc_state; }

Definition at line 72 of file tls_record.h.

         // cbc_without_explicit_iv(): true when a block cipher is configured
         // (m_block_size > 0) but no per-record IV size was set, i.e. the
         // constructor's supports_explicit_cbc_ivs() check was false.
         // In that mode the IV presumably comes from cbc_state() rather than
         // from the record. Chained, predictable CBC IVs are the precondition
         // of the known TLS 1.0 CBC weakness (BEAST), so this flag marks
         // connections where that concern applies.
         { return (m_block_size > 0) && (m_iv_size == 0); }
const secure_vector< byte > & Botan::TLS::Connection_Cipher_State::format_ad ( u64bit  seq,
byte  type,
Protocol_Version  version,
u16bit  ptext_length 
)

Definition at line 116 of file tls_record.cpp.

References Botan::get_byte(), Botan::TLS::Protocol_Version::major_version(), and Botan::TLS::Protocol_Version::minor_version().

Referenced by Botan::TLS::write_record().

   {
   // Rebuilds the associated-data buffer for one record: 8 sequence-number
   // bytes, the record type, the two protocol-version bytes and two length
   // bytes, 13 bytes in total.
   // NOTE(review): msg_sequence, msg_type and msg_length are the parameters
   // the rendered signature lists as seq, type and ptext_length - presumably
   // the names used in tls_record.cpp; confirm.
   m_ad.clear();
   // get_byte(i, ...) with i = 0..7 emits all 8 bytes of the sequence number;
   // presumably index 0 is the most significant byte - confirm get_byte's order.
   for(size_t i = 0; i != 8; ++i)
      m_ad.push_back(get_byte(i, msg_sequence));
   m_ad.push_back(msg_type);

   m_ad.push_back(version.major_version());
   m_ad.push_back(version.minor_version());

   m_ad.push_back(get_byte(0, msg_length));
   m_ad.push_back(get_byte(1, msg_length));

   // Reference to the member buffer; the next format_ad() call clears it.
   return m_ad;
   }

Definition at line 66 of file tls_record.h.

Referenced by Botan::TLS::write_record().

// iv_size(): per-record IV length. The constructor sets it to the block size
// only for block ciphers under a version with explicit CBC IVs.
{ return m_iv_size; }

Definition at line 58 of file tls_record.h.

Referenced by Botan::TLS::write_record().

// mac(): non-owning pointer to the HMAC object; m_mac keeps ownership.
// The constructor's AEAD branch returns before m_mac is assigned, so the
// result is presumably null for AEAD suites - callers should check it.
{ return m_mac.get(); }

Definition at line 64 of file tls_record.h.

Referenced by Botan::TLS::write_record().

// mac_size(): output length of the configured MAC.
// Dereferences m_mac unconditionally. The constructor's AEAD branch returns
// before m_mac is assigned, so call this only on non-AEAD cipher states.
{ return m_mac->output_length(); }

Definition at line 70 of file tls_record.h.

Referenced by aead_nonce(), Connection_Cipher_State(), and Botan::TLS::write_record().

// nonce_bytes_from_handshake(): length of the fixed nonce prefix, copied from
// the ciphersuite at construction. aead_nonce() uses it as the write offset
// into m_nonce.
{ return m_nonce_bytes_from_handshake; }

Definition at line 68 of file tls_record.h.

Referenced by aead_nonce(), Connection_Cipher_State(), and Botan::TLS::write_record().

// nonce_bytes_from_record(): number of explicit nonce bytes carried in each
// record, copied from the ciphersuite at construction. The constructor's AEAD
// branch asserts it is 0 or 8.
{ return m_nonce_bytes_from_record; }

Definition at line 56 of file tls_record.h.

Referenced by Botan::TLS::write_record().

// stream_cipher(): non-owning pointer to the stream cipher; m_stream_cipher
// keeps ownership. It is assigned only in the constructor's stream-cipher branch.
{ return m_stream_cipher.get(); }

The documentation for this class was generated from the following files: