|
Botan
1.11.15
|
#include <tls_record.h>
Public Member Functions | |
| AEAD_Mode * | aead () |
| const secure_vector< byte > & | aead_nonce (u64bit seq) |
| const secure_vector< byte > & | aead_nonce (const byte record[], size_t record_len, u64bit seq) |
| std::chrono::seconds | age () const |
| BlockCipher * | block_cipher () |
| size_t | block_size () const |
| secure_vector< byte > & | cbc_state () |
| bool | cbc_without_explicit_iv () const |
| Connection_Cipher_State (Protocol_Version version, Connection_Side which_side, bool is_our_side, const Ciphersuite &suite, const Session_Keys &keys) | |
| const secure_vector< byte > & | format_ad (u64bit seq, byte type, Protocol_Version version, u16bit ptext_length) |
| size_t | iv_size () const |
| MessageAuthenticationCode * | mac () |
| size_t | mac_size () const |
| size_t | nonce_bytes_from_handshake () const |
| size_t | nonce_bytes_from_record () const |
| StreamCipher * | stream_cipher () |
TLS Cipher State
Definition at line 32 of file tls_record.h.
| Botan::TLS::Connection_Cipher_State::Connection_Cipher_State | ( | Protocol_Version | version, |
| Connection_Side | which_side, | ||
| bool | is_our_side, | ||
| const Ciphersuite & | suite, | ||
| const Session_Keys & | keys | ||
| ) |
Initialize a new cipher state
Definition at line 23 of file tls_record.cpp.
References aead(), Botan::OctetString::bits_of(), BOTAN_ASSERT, BOTAN_ASSERT_EQUAL, Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::CLIENT, Botan::TLS::Session_Keys::client_cipher_key(), Botan::TLS::Session_Keys::client_iv(), Botan::TLS::Session_Keys::client_mac_key(), Botan::DECRYPTION, Botan::ENCRYPTION, Botan::get_aead(), Botan::get_block_cipher(), Botan::get_mac(), Botan::get_stream_cipher(), Botan::OctetString::length(), Botan::TLS::Ciphersuite::mac_algo(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), Botan::TLS::Session_Keys::server_cipher_key(), Botan::TLS::Session_Keys::server_iv(), Botan::TLS::Session_Keys::server_mac_key(), and Botan::TLS::Protocol_Version::supports_explicit_cbc_ivs().
// Member-initializer list and body of the Connection_Cipher_State constructor.
// The signature is rendered in the table above; this body refers to the
// parameters as `side` and `our_side`.
//
// Picks the client or server key material for `side`, then configures exactly
// one of: an AEAD mode, a block cipher plus HMAC, or a stream cipher plus HMAC.
// Throws Invalid_Argument when cipher_algo matches none of the three lookups.
:
m_start_time(std::chrono::system_clock::now()),
m_nonce_bytes_from_handshake(suite.nonce_bytes_from_handshake()),
m_nonce_bytes_from_record(suite.nonce_bytes_from_record())
{
SymmetricKey mac_key, cipher_key;
InitializationVector iv;
// Each direction of a connection has its own cipher key, IV and MAC key;
// take the set belonging to `side`.
if(side == CLIENT)
{
cipher_key = keys.client_cipher_key();
iv = keys.client_iv();
mac_key = keys.client_mac_key();
}
else
{
cipher_key = keys.server_cipher_key();
iv = keys.server_iv();
mac_key = keys.server_mac_key();
}
const std::string cipher_algo = suite.cipher_algo();
const std::string mac_algo = suite.mac_algo();
// AEAD lookup comes first. The direction is fixed here: encrypt when this
// state protects our own records, decrypt when it processes the peer's.
if(AEAD_Mode* aead = get_aead(cipher_algo, our_side ? ENCRYPTION : DECRYPTION))
{
m_aead.reset(aead);
// NOTE(review): the AEAD key is cipher_key with mac_key appended; presumably
// mac_key is empty for most AEAD suites - confirm against Session_Keys.
m_aead->set_key(cipher_key + mac_key);
// The handshake-derived IV must be exactly the implicit part of the nonce.
BOTAN_ASSERT_EQUAL(iv.length(), nonce_bytes_from_handshake(), "Matching nonce sizes");
m_nonce = iv.bits_of();
// Only 0 or 8 explicit nonce bytes are handled; the 8 bytes appended below
// are the slot that aead_nonce() overwrites for every record.
BOTAN_ASSERT(nonce_bytes_from_record() == 0 || nonce_bytes_from_record() == 8,
"Ciphersuite uses implemented IV length");
m_nonce.resize(m_nonce.size() + 8);
// Early return: m_mac, m_block_cipher and m_stream_cipher are not set up on
// this path, so mac_size(), which dereferences m_mac, must not be called on
// an AEAD state.
return;
}
// NOTE(review): the lookup result is cloned rather than adopted. If
// get_block_cipher() returns a freshly allocated object, `bc` is leaked -
// confirm the ownership contract of the lookup function.
if(BlockCipher* bc = get_block_cipher(cipher_algo))
{
m_block_cipher.reset(bc->clone());
m_block_cipher->set_key(cipher_key);
// The initial CBC chaining state is the handshake IV.
m_block_cipher_cbc_state = iv.bits_of();
m_block_size = bc->block_size();
// m_iv_size is assigned only for versions with explicit per-record IVs;
// otherwise it keeps its earlier value (NOTE(review): presumably 0 from an
// initializer not shown here - confirm), which cbc_without_explicit_iv() tests.
if(version.supports_explicit_cbc_ivs())
m_iv_size = m_block_size;
}
// NOTE(review): same clone-versus-adopt ownership question as for the block cipher.
else if(StreamCipher* sc = get_stream_cipher(cipher_algo))
{
m_stream_cipher.reset(sc->clone());
m_stream_cipher->set_key(cipher_key);
}
else
throw Invalid_Argument("Unknown TLS cipher " + cipher_algo);
// Non-AEAD suites authenticate records with HMAC over the suite's hash.
// NOTE(review): the get_mac() result is used without a null check; unless
// get_mac() throws for an unknown mac_algo, set_key() dereferences null - confirm.
m_mac.reset(get_mac("HMAC(" + mac_algo + ")"));
m_mac->set_key(mac_key);
}
| AEAD_Mode* Botan::TLS::Connection_Cipher_State::aead | ( | ) | [inline] |
Definition at line 44 of file tls_record.h.
Referenced by Connection_Cipher_State(), and Botan::TLS::write_record().
// aead(): non-owning pointer to the AEAD mode. The constructor sets m_aead only
// when get_aead() recognises the suite's cipher. NOTE(review): presumably null
// otherwise, so a null check tells AEAD from non-AEAD states - confirm.
{ return m_aead.get(); }
| const secure_vector< byte > & Botan::TLS::Connection_Cipher_State::aead_nonce | ( | u64bit | seq | ) |
Definition at line 89 of file tls_record.cpp.
References nonce_bytes_from_handshake(), and Botan::store_be().
Referenced by Botan::TLS::write_record().
{
   // Nonce layout: [handshake-derived prefix][8 bytes, per record].
   // This overload fills the trailing 8 bytes with the big-endian sequence
   // number. AEAD nonce uniqueness under one key therefore relies on the caller
   // never passing the same seq twice. The returned reference aliases the
   // internal m_nonce buffer and is overwritten by the next aead_nonce() call.
   const size_t seq_offset = nonce_bytes_from_handshake();
   store_be(seq, &m_nonce[seq_offset]);
   return m_nonce;
}
| const secure_vector< byte > & Botan::TLS::Connection_Cipher_State::aead_nonce | ( | const byte | record[], |
| size_t | record_len, | ||
| u64bit | seq | ||
| ) |
Definition at line 96 of file tls_record.cpp.
References Botan::copy_mem(), nonce_bytes_from_handshake(), nonce_bytes_from_record(), and Botan::store_be().
{
   const size_t explicit_len = nonce_bytes_from_record();

   if(explicit_len == 0)
      {
      // No nonce bytes travel in the record: the per-record part of the nonce
      // is the sequence number in network (big-endian) order.
      store_be(seq, &m_nonce[nonce_bytes_from_handshake()]);
      return m_nonce;
      }

   // The explicit nonce is read from the record buffer supplied by the caller,
   // so check the length before copying to avoid reading past its end.
   if(record_len < explicit_len)
      throw Decoding_Error("Invalid AEAD packet too short to be valid");

   // Destination is the slot after the handshake-derived prefix; the constructor
   // asserts the explicit length is 0 or 8 and reserves 8 bytes there.
   copy_mem(&m_nonce[nonce_bytes_from_handshake()], record, explicit_len);
   return m_nonce;
}
| std::chrono::seconds Botan::TLS::Connection_Cipher_State::age | ( | ) | const [inline] |
Definition at line 75 of file tls_record.h.
{
   // Time since this cipher state was constructed, truncated to whole seconds.
   // Both endpoints come from system_clock, which follows wall-clock
   // adjustments, so the result can jump or go negative if the system time is
   // changed. Callers using it for key-lifetime decisions should allow for that.
   const auto elapsed = std::chrono::system_clock::now() - m_start_time;
   return std::chrono::duration_cast<std::chrono::seconds>(elapsed);
}
| BlockCipher* Botan::TLS::Connection_Cipher_State::block_cipher | ( | ) | [inline] |
Definition at line 54 of file tls_record.h.
Referenced by Botan::TLS::write_record().
// block_cipher(): non-owning pointer to the block cipher, set by the constructor
// only on the block-cipher path. NOTE(review): presumably null for AEAD and
// stream suites - confirm.
{ return m_block_cipher.get(); }
| size_t Botan::TLS::Connection_Cipher_State::block_size | ( | ) | const [inline] |
Definition at line 62 of file tls_record.h.
Referenced by Botan::TLS::write_record().
// block_size(): block size recorded by the constructor from the block cipher.
// NOTE(review): value for AEAD/stream suites depends on an initializer not
// shown here (cbc_without_explicit_iv() treats 0 as "no block cipher") - confirm.
{ return m_block_size; }
| secure_vector<byte>& Botan::TLS::Connection_Cipher_State::cbc_state | ( | ) | [inline] |
Definition at line 60 of file tls_record.h.
Referenced by Botan::TLS::write_record().
// cbc_state(): mutable reference to the CBC chaining state, which the
// constructor initialises from the handshake IV. Callers can modify it in place,
// so its correctness across records is the record layer's responsibility.
{ return m_block_cipher_cbc_state; }
| bool Botan::TLS::Connection_Cipher_State::cbc_without_explicit_iv | ( | ) | const [inline] |
Definition at line 72 of file tls_record.h.
// cbc_without_explicit_iv(): true when a block cipher is configured (non-zero
// block size) but no per-record IV size was set. In the constructor that means
// the protocol version does not support explicit CBC IVs.
// NOTE(review): in that mode the IV of each record is presumably chained from
// earlier ciphertext and so is predictable to an observer; any mitigation has to
// live in the record-writing code - confirm against write_record().
{ return (m_block_size > 0) && (m_iv_size == 0); }
| const secure_vector< byte > & Botan::TLS::Connection_Cipher_State::format_ad | ( | u64bit | seq, |
| byte | type, | ||
| Protocol_Version | version, | ||
| u16bit | ptext_length | ||
| ) |
Definition at line 116 of file tls_record.cpp.
References Botan::get_byte(), Botan::TLS::Protocol_Version::major_version(), and Botan::TLS::Protocol_Version::minor_version().
Referenced by Botan::TLS::write_record().
| size_t Botan::TLS::Connection_Cipher_State::iv_size | ( | ) | const [inline] |
Definition at line 66 of file tls_record.h.
Referenced by Botan::TLS::write_record().
// iv_size(): size of the explicit per-record CBC IV. The constructor sets it to
// the block size only when the protocol version supports explicit CBC IVs.
{ return m_iv_size; }
Definition at line 58 of file tls_record.h.
Referenced by Botan::TLS::write_record().
// mac(): non-owning pointer to the HMAC object (its member header is missing
// from this page; see the member table). The constructor's AEAD path returns
// before m_mac is set. NOTE(review): presumably null for AEAD states - confirm.
{ return m_mac.get(); }
| size_t Botan::TLS::Connection_Cipher_State::mac_size | ( | ) | const [inline] |
Definition at line 64 of file tls_record.h.
Referenced by Botan::TLS::write_record().
// mac_size(): output length of the configured MAC. m_mac is dereferenced without
// a check, and the constructor's AEAD path returns before m_mac is set, so call
// this only on non-AEAD states (for example after aead() returned null).
{ return m_mac->output_length(); }
| size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_handshake | ( | ) | const [inline] |
Definition at line 70 of file tls_record.h.
Referenced by aead_nonce(), Connection_Cipher_State(), and Botan::TLS::write_record().
// nonce_bytes_from_handshake(): length of the implicit nonce prefix, copied from
// the ciphersuite at construction. aead_nonce() uses it as the offset of the
// per-record part of the nonce.
{ return m_nonce_bytes_from_handshake; }
| size_t Botan::TLS::Connection_Cipher_State::nonce_bytes_from_record | ( | ) | const [inline] |
Definition at line 68 of file tls_record.h.
Referenced by aead_nonce(), Connection_Cipher_State(), and Botan::TLS::write_record().
// nonce_bytes_from_record(): number of explicit nonce bytes carried in each
// record, copied from the ciphersuite at construction. The constructor asserts
// it is 0 or 8 for AEAD suites. 0 makes aead_nonce() use the sequence number.
{ return m_nonce_bytes_from_record; }
Definition at line 56 of file tls_record.h.
Referenced by Botan::TLS::write_record().
// stream_cipher(): non-owning pointer to the stream cipher (its member header is
// missing from this page; see the member table). The constructor sets it only on
// the stream-cipher path. NOTE(review): presumably null otherwise - confirm.
{ return m_stream_cipher.get(); }