Botan  2.4.0
Crypto and TLS for C++11
Public Member Functions | List of all members
Botan::TLS::NSA_Suite_B_128 Class Reference

#include <tls_policy.h>

Inheritance diagram for Botan::TLS::NSA_Suite_B_128:
Botan::TLS::Policy

Public Member Functions

virtual bool acceptable_ciphersuite (const Ciphersuite &suite) const
 
virtual bool acceptable_protocol_version (Protocol_Version version) const
 
virtual bool allow_client_initiated_renegotiation () const
 
bool allow_dtls10 () const override
 
bool allow_dtls12 () const override
 
virtual bool allow_insecure_renegotiation () const
 
virtual bool allow_server_initiated_renegotiation () const
 
bool allow_tls10 () const override
 
bool allow_tls11 () const override
 
bool allow_tls12 () const override
 
std::vector< std::string > allowed_ciphers () const override
 
bool allowed_ecc_curve (const std::string &curve) const
 
std::vector< std::string > allowed_ecc_curves () const override
 
std::vector< std::string > allowed_groups () const override
 
std::vector< std::string > allowed_key_exchange_methods () const override
 
std::vector< std::string > allowed_macs () const override
 
bool allowed_signature_hash (const std::string &hash) const
 
std::vector< std::string > allowed_signature_hashes () const override
 
bool allowed_signature_method (const std::string &sig_method) const
 
std::vector< std::string > allowed_signature_methods () const override
 
virtual void check_peer_key_acceptable (const Public_Key &public_key) const
 
virtual std::string choose_curve (const std::vector< std::string > &curve_names) const
 
virtual std::string choose_dh_group (const std::vector< std::string > &dh_group_names) const
 
virtual std::vector< uint16_t > ciphersuite_list (Protocol_Version version, bool have_srp) const
 
virtual std::vector< uint8_t > compression () const
 
virtual std::string dh_group () const
 
virtual size_t dtls_default_mtu () const
 
virtual size_t dtls_initial_timeout () const
 
virtual size_t dtls_maximum_timeout () const
 
virtual bool hide_unknown_users () const
 
virtual bool include_time_in_hello_random () const
 
virtual Protocol_Version latest_supported_version (bool datagram) const
 
virtual size_t minimum_dh_group_size () const
 
virtual size_t minimum_dsa_group_size () const
 
virtual size_t minimum_ecdh_group_size () const
 
virtual size_t minimum_ecdsa_group_size () const
 
virtual size_t minimum_rsa_bits () const
 
size_t minimum_signature_strength () const override
 
virtual bool negotiate_encrypt_then_mac () const
 
virtual void print (std::ostream &o) const
 
virtual bool require_cert_revocation_info () const
 
virtual bool send_fallback_scsv (Protocol_Version version) const
 
virtual bool server_uses_own_ciphersuite_preferences () const
 
virtual uint32_t session_ticket_lifetime () const
 
virtual std::vector< uint16_t > srtp_profiles () const
 
virtual bool support_cert_status_message () const
 
std::string to_string () const
 
virtual bool use_ecc_point_compression () const
 

Detailed Description

NSA Suite B 128-bit security level (RFC 6460)

Definition at line 335 of file tls_policy.h.

Member Function Documentation

◆ acceptable_ciphersuite()

bool Botan::TLS::Policy::acceptable_ciphersuite ( const Ciphersuite suite) const
virtualinherited

Allows policy to reject any ciphersuites which are undesirable for whatever reason without having to reimplement ciphersuite_list

Definition at line 328 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::ciphersuite_list().

329  {
330  return true;
331  }

◆ acceptable_protocol_version()

bool Botan::TLS::Policy::acceptable_protocol_version ( Protocol_Version  version) const
virtualinherited
Returns
true if and only if we are willing to accept this version Default accepts TLS v1.0 and later or DTLS v1.2 or later.

Definition at line 291 of file tls_policy.cpp.

References Botan::TLS::Policy::allow_dtls10(), Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_tls10(), Botan::TLS::Policy::allow_tls11(), Botan::TLS::Policy::allow_tls12(), Botan::TLS::Protocol_Version::DTLS_V10, Botan::TLS::Protocol_Version::DTLS_V12, Botan::TLS::Protocol_Version::TLS_V10, Botan::TLS::Protocol_Version::TLS_V11, and Botan::TLS::Protocol_Version::TLS_V12.

Referenced by Botan::TLS::Client_Hello::Client_Hello().

292  {
293  // Uses boolean optimization:
294  // First check the current version (left part), then if it is allowed
295  // (right part)
296  // checks are ordered according to their probability
297  return (
298  ( ( version == Protocol_Version::TLS_V12) && allow_tls12() ) ||
299  ( ( version == Protocol_Version::TLS_V10) && allow_tls10() ) ||
300  ( ( version == Protocol_Version::TLS_V11) && allow_tls11() ) ||
301  ( ( version == Protocol_Version::DTLS_V12) && allow_dtls12() ) ||
302  ( ( version == Protocol_Version::DTLS_V10) && allow_dtls10() )
303  );
304  }
virtual bool allow_tls11() const
Definition: tls_policy.cpp:337
virtual bool allow_dtls10() const
Definition: tls_policy.cpp:339
virtual bool allow_tls12() const
Definition: tls_policy.cpp:338
virtual bool allow_dtls12() const
Definition: tls_policy.cpp:340
virtual bool allow_tls10() const
Definition: tls_policy.cpp:336

◆ allow_client_initiated_renegotiation()

bool Botan::TLS::Policy::allow_client_initiated_renegotiation ( ) const
virtualinherited

Consulted by server side. If true, allows clients to initiate a new handshake

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 333 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allow_client_initiated_renegotiation().

333 { return false; }

◆ allow_dtls10()

bool Botan::TLS::NSA_Suite_B_128::allow_dtls10 ( ) const
inlineoverridevirtual

Allow DTLS v1.0

Reimplemented from Botan::TLS::Policy.

Definition at line 364 of file tls_policy.h.

364 { return false; }

◆ allow_dtls12()

bool Botan::TLS::NSA_Suite_B_128::allow_dtls12 ( ) const
inlineoverridevirtual

Allow DTLS v1.2

Reimplemented from Botan::TLS::Policy.

Definition at line 365 of file tls_policy.h.

365 { return false; }

◆ allow_insecure_renegotiation()

bool Botan::TLS::Policy::allow_insecure_renegotiation ( ) const
virtualinherited

Allow renegotiation even if the counterparty doesn't support the secure renegotiation extension.

Warning
Changing this to true exposes you to injected plaintext attacks. Read RFC 5746 for background.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 335 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allow_insecure_renegotiation(), Botan::TLS::Client::Client(), and Botan::TLS::Policy::print().

335 { return false; }

◆ allow_server_initiated_renegotiation()

bool Botan::TLS::Policy::allow_server_initiated_renegotiation ( ) const
virtualinherited

Consulted by client side. If true, allows servers to initiate a new handshake

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 334 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allow_server_initiated_renegotiation(), Botan::TLS::Client::Client(), and Botan::TLS::Policy::print().

334 { return false; }

◆ allow_tls10()

bool Botan::TLS::NSA_Suite_B_128::allow_tls10 ( ) const
inlineoverridevirtual

Allow TLS v1.0

Reimplemented from Botan::TLS::Policy.

Definition at line 361 of file tls_policy.h.

361 { return false; }

◆ allow_tls11()

bool Botan::TLS::NSA_Suite_B_128::allow_tls11 ( ) const
inlineoverridevirtual

Allow TLS v1.1

Reimplemented from Botan::TLS::Policy.

Definition at line 362 of file tls_policy.h.

362 { return false; }

◆ allow_tls12()

bool Botan::TLS::NSA_Suite_B_128::allow_tls12 ( ) const
inlineoverridevirtual

Allow TLS v1.2

Reimplemented from Botan::TLS::Policy.

Definition at line 363 of file tls_policy.h.

363 { return true; }

◆ allowed_ciphers()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_ciphers ( ) const
inlineoverridevirtual

Returns a list of ciphers we are willing to negotiate, in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 338 of file tls_policy.h.

339  { return std::vector<std::string>({"AES-128/GCM"}); }

◆ allowed_ecc_curve()

bool Botan::TLS::Policy::allowed_ecc_curve ( const std::string &  curve) const
inherited

Definition at line 122 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_ecc_curves(), Botan::TLS::Policy::allowed_groups(), and Botan::value_exists().

Referenced by Botan::TLS::Policy::ciphersuite_list(), and Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

123  {
124  if(!allowed_ecc_curves().empty())
125  {
126  return value_exists(allowed_ecc_curves(), curve);
127  }
128  return value_exists(allowed_groups(), curve);
129  }
virtual std::vector< std::string > allowed_groups() const
Definition: tls_policy.cpp:172
virtual std::vector< std::string > allowed_ecc_curves() const
Definition: tls_policy.cpp:107
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86

◆ allowed_ecc_curves()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_ecc_curves ( ) const
inlineoverridevirtual

Return list of ECC curves we are willing to use in order of preference. Allowed values: x25519, secp256r1, secp384r1, secp521r1, brainpool256r1, brainpool384r1, brainpool512r1

Reimplemented from Botan::TLS::Policy.

Definition at line 353 of file tls_policy.h.

354  { return std::vector<std::string>({"secp256r1"}); }

◆ allowed_groups()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_groups ( ) const
inlineoverridevirtual

Return list of ECC curves and FFDHE groups we are willing to use in order of preference. Allowed values: x25519, secp256r1, secp384r1, secp521r1, brainpool256r1, brainpool384r1, brainpool512r1, ffdhe/ietf/2048, ffdhe/ietf/3072, ffdhe/ietf/4096, ffdhe/ietf/6144, ffdhe/ietf/8192

Reimplemented from Botan::TLS::Policy.

Definition at line 356 of file tls_policy.h.

357  { return allowed_ecc_curves(); }
std::vector< std::string > allowed_ecc_curves() const override
Definition: tls_policy.h:353

◆ allowed_key_exchange_methods()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_key_exchange_methods ( ) const
inlineoverridevirtual

Returns a list of key exchange algorithms we are willing to use, in order of preference. Allowed values: DH, empty string (representing RSA using server certificate key)

Reimplemented from Botan::TLS::Policy.

Definition at line 347 of file tls_policy.h.

348  { return std::vector<std::string>({"ECDH"}); }

◆ allowed_macs()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_macs ( ) const
inlineoverridevirtual

Returns a list of MAC algorithms we are willing to use.

Reimplemented from Botan::TLS::Policy.

Definition at line 344 of file tls_policy.h.

345  { return std::vector<std::string>({"AEAD"}); }

◆ allowed_signature_hash()

bool Botan::TLS::Policy::allowed_signature_hash ( const std::string &  hash) const
inherited

Definition at line 102 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_signature_hashes(), and Botan::value_exists().

Referenced by Botan::TLS::Handshake_State::choose_sig_format().

103  {
104  return value_exists(allowed_signature_hashes(), sig_hash);
105  }
virtual std::vector< std::string > allowed_signature_hashes() const
Definition: tls_policy.cpp:48
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86

◆ allowed_signature_hashes()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_signature_hashes ( ) const
inlineoverridevirtual

Returns a list of hash algorithms we are willing to use for signatures, in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 341 of file tls_policy.h.

342  { return std::vector<std::string>({"SHA-256"}); }

◆ allowed_signature_method()

bool Botan::TLS::Policy::allowed_signature_method ( const std::string &  sig_method) const
inherited

Definition at line 97 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_signature_methods(), and Botan::value_exists().

Referenced by Botan::TLS::Handshake_State::parse_sig_format().

98  {
99  return value_exists(allowed_signature_methods(), sig_method);
100  }
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86
virtual std::vector< std::string > allowed_signature_methods() const
Definition: tls_policy.cpp:87

◆ allowed_signature_methods()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_signature_methods ( ) const
inlineoverridevirtual

Returns a list of signature algorithms we are willing to use, in order of preference. Allowed values RSA and DSA.

Reimplemented from Botan::TLS::Policy.

Definition at line 350 of file tls_policy.h.

351  { return std::vector<std::string>({"ECDSA"}); }

◆ check_peer_key_acceptable()

void Botan::TLS::Policy::check_peer_key_acceptable ( const Public_Key public_key) const
virtualinherited

Throw an exception if you don't like the peer's key. Default impl checks the key size against minimum_rsa_bits, minimum_ecdsa_group_size, or minimum_ecdh_group_size depending on the key's type. Override if you'd like to perform some other kind of test on (or logging of) the peer's keys.

Definition at line 236 of file tls_policy.cpp.

References Botan::Public_Key::algo_name(), Botan::TLS::Alert::INSUFFICIENT_SECURITY, Botan::Public_Key::key_length(), Botan::TLS::Policy::minimum_dh_group_size(), Botan::TLS::Policy::minimum_dsa_group_size(), Botan::TLS::Policy::minimum_ecdh_group_size(), Botan::TLS::Policy::minimum_ecdsa_group_size(), Botan::TLS::Policy::minimum_rsa_bits(), and Botan::ASN1::to_string().

Referenced by Botan::TLS::Callbacks::tls_dh_agree(), Botan::TLS::Callbacks::tls_ecdh_agree(), Botan::TLS::Certificate_Verify::verify(), and Botan::TLS::Server_Key_Exchange::verify().

237  {
238  const std::string algo_name = public_key.algo_name();
239 
240  const size_t keylength = public_key.key_length();
241  size_t expected_keylength = 0;
242 
243  if(algo_name == "RSA")
244  {
245  expected_keylength = minimum_rsa_bits();
246  }
247  else if(algo_name == "DH")
248  {
249  expected_keylength = minimum_dh_group_size();
250  }
251  else if(algo_name == "DSA")
252  {
253  expected_keylength = minimum_dsa_group_size();
254  }
255  else if(algo_name == "ECDH" || algo_name == "Curve25519")
256  {
257  expected_keylength = minimum_ecdh_group_size();
258  }
259  else if(algo_name == "ECDSA")
260  {
261  expected_keylength = minimum_ecdsa_group_size();
262  }
263  // else some other algo, so leave expected_keylength as zero and the check is a no-op
264 
265  if(keylength < expected_keylength)
266  throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
267  "Peer sent " +
268  std::to_string(keylength) + " bit " + algo_name + " key"
269  ", policy requires at least " +
270  std::to_string(expected_keylength));
271  }
virtual size_t minimum_ecdh_group_size() const
Definition: tls_policy.cpp:202
virtual size_t minimum_rsa_bits() const
Definition: tls_policy.cpp:218
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:108
virtual size_t minimum_dh_group_size() const
Definition: tls_policy.cpp:191
virtual size_t minimum_ecdsa_group_size() const
Definition: tls_policy.cpp:196
virtual size_t minimum_dsa_group_size() const
Definition: tls_policy.cpp:230

◆ choose_curve()

std::string Botan::TLS::Policy::choose_curve ( const std::vector< std::string > &  curve_names) const
virtualinherited

Choose an elliptic curve to use

Definition at line 139 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_groups(), Botan::TLS::Supported_Groups::is_dh_group(), and Botan::value_exists().

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

140  {
141  const std::vector<std::string> our_groups = allowed_groups();
142 
143  for(size_t i = 0; i != our_groups.size(); ++i)
144  if(!Supported_Groups::is_dh_group(our_groups[i])
145  && value_exists(curve_names, our_groups[i]))
146  return our_groups[i];
147 
148  return ""; // no shared curve
149  }
virtual std::vector< std::string > allowed_groups() const
Definition: tls_policy.cpp:172
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86
static bool is_dh_group(const std::string &group_name)

◆ choose_dh_group()

std::string Botan::TLS::Policy::choose_dh_group ( const std::vector< std::string > &  dh_group_names) const
virtualinherited

Choose an FFHDE group to use

Definition at line 154 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_groups(), Botan::TLS::Supported_Groups::is_dh_group(), and Botan::value_exists().

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

155  {
156  const std::vector<std::string> our_groups = allowed_groups();
157 
158  for(size_t i = 0; i != our_groups.size(); ++i)
159  if(Supported_Groups::is_dh_group(our_groups[i])
160  && value_exists(dh_groups, our_groups[i]))
161  return our_groups[i];
162 
163  return ""; // no shared ffdhe group
164  }
virtual std::vector< std::string > allowed_groups() const
Definition: tls_policy.cpp:172
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86
static bool is_dh_group(const std::string &group_name)

◆ ciphersuite_list()

std::vector< uint16_t > Botan::TLS::Policy::ciphersuite_list ( Protocol_Version  version,
bool  have_srp 
) const
virtualinherited

Return allowed ciphersuites, in order of preference

Definition at line 435 of file tls_policy.cpp.

References Botan::TLS::Policy::acceptable_ciphersuite(), Botan::TLS::Ciphersuite::all_known_ciphersuites(), Botan::TLS::Policy::allowed_ciphers(), Botan::TLS::Policy::allowed_ecc_curve(), Botan::TLS::Policy::allowed_key_exchange_methods(), Botan::TLS::Policy::allowed_macs(), Botan::TLS::Policy::allowed_signature_methods(), Botan::TLS::Protocol_Version::supports_aead_modes(), and Botan::value_exists().

437  {
438  const std::vector<std::string> ciphers = allowed_ciphers();
439  const std::vector<std::string> macs = allowed_macs();
440  const std::vector<std::string> kex = allowed_key_exchange_methods();
441  const std::vector<std::string> sigs = allowed_signature_methods();
442 
443  std::vector<Ciphersuite> ciphersuites;
444 
445  for(auto&& suite : Ciphersuite::all_known_ciphersuites())
446  {
447  // Can we use it?
448  if(suite.valid() == false)
449  continue;
450 
451  // Is it acceptable to the policy?
452  if(!this->acceptable_ciphersuite(suite))
453  continue;
454 
455  // Are we doing SRP?
456  if(!have_srp && suite.kex_algo() == "SRP_SHA")
457  continue;
458 
459  if(!version.supports_aead_modes())
460  {
461  // Are we doing AEAD in a non-AEAD version?
462  if(suite.mac_algo() == "AEAD")
463  continue;
464 
465  // Older (v1.0/v1.1) versions also do not support any hash but SHA-1
466  if(suite.mac_algo() != "SHA-1")
467  continue;
468  }
469 
470  if(!value_exists(kex, suite.kex_algo()))
471  continue; // unsupported key exchange
472 
473  if(!value_exists(ciphers, suite.cipher_algo()))
474  continue; // unsupported cipher
475 
476  if(!value_exists(macs, suite.mac_algo()))
477  continue; // unsupported MAC algo
478 
479  if(!value_exists(sigs, suite.sig_algo()))
480  {
481  // allow if it's an empty sig algo and we want to use PSK
482  if(suite.sig_algo() != "" || !suite.psk_ciphersuite())
483  continue;
484  }
485 
486  /*
487  CECPQ1 always uses x25519 for ECDH, so treat the applications
488  removal of x25519 from the ECC curve list as equivalent to
489  saying they do not trust CECPQ1
490  */
491  if(suite.kex_algo() == "CECPQ1" && allowed_ecc_curve("x25519") == false)
492  continue;
493 
494  // OK, consider it
495  ciphersuites.push_back(suite);
496  }
497 
498  if(ciphersuites.empty())
499  {
500  throw Exception("Policy does not allow any available cipher suite");
501  }
502 
503  Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs);
504  std::sort(ciphersuites.begin(), ciphersuites.end(), order);
505 
506  std::vector<uint16_t> ciphersuite_codes;
507  for(auto i : ciphersuites)
508  ciphersuite_codes.push_back(i.ciphersuite_code());
509  return ciphersuite_codes;
510  }
virtual bool acceptable_ciphersuite(const Ciphersuite &suite) const
Definition: tls_policy.cpp:328
virtual std::vector< std::string > allowed_ciphers() const
Definition: tls_policy.cpp:23
virtual std::vector< std::string > allowed_macs() const
Definition: tls_policy.cpp:58
bool allowed_ecc_curve(const std::string &curve) const
Definition: tls_policy.cpp:122
virtual std::vector< std::string > allowed_key_exchange_methods() const
Definition: tls_policy.cpp:73
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86
virtual std::vector< std::string > allowed_signature_methods() const
Definition: tls_policy.cpp:87
static const std::vector< Ciphersuite > & all_known_ciphersuites()

◆ compression()

std::vector< uint8_t > Botan::TLS::Policy::compression ( ) const
virtualinherited

Returns a list of compression algorithms we are willing to use, in order of preference. Allowed values any value of Compression_Method.

Note
Compression is not currently supported

Definition at line 276 of file tls_policy.cpp.

References Botan::TLS::NO_COMPRESSION.

277  {
278  return std::vector<uint8_t>{ NO_COMPRESSION };
279  }

◆ dh_group()

std::string Botan::TLS::Policy::dh_group ( ) const
virtualinherited

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 166 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::dh_group(), Botan::TLS::Policy::print(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

167  {
168  // We offer 2048 bit DH because we can
169  return "modp/ietf/2048";
170  }

◆ dtls_default_mtu()

size_t Botan::TLS::Policy::dtls_default_mtu ( ) const
virtualinherited
Returns
the default MTU for DTLS

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 351 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::dtls_default_mtu().

352  {
353  // default MTU is IPv6 min MTU minus UDP/IP headers
354  return 1280 - 40 - 8;
355  }

◆ dtls_initial_timeout()

size_t Botan::TLS::Policy::dtls_initial_timeout ( ) const
virtualinherited
Returns
the initial timeout for DTLS

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 348 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::dtls_initial_timeout().

348 { return 1*1000; }

◆ dtls_maximum_timeout()

size_t Botan::TLS::Policy::dtls_maximum_timeout ( ) const
virtualinherited
Returns
the maximum timeout for DTLS

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 349 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::dtls_maximum_timeout().

349 { return 60*1000; }

◆ hide_unknown_users()

bool Botan::TLS::Policy::hide_unknown_users ( ) const
virtualinherited

If this function returns false, unknown SRP/PSK identifiers will be rejected with an unknown_psk_identifier alert as soon as the non-existence is identified. Otherwise, a false identifier value will be used and the protocol allowed to proceed, causing the handshake to eventually fail without revealing that the username does not exist on this system.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 342 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Text_Policy::hide_unknown_users(), Botan::TLS::Policy::print(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

342 { return false; }

◆ include_time_in_hello_random()

bool Botan::TLS::Policy::include_time_in_hello_random ( ) const
virtualinherited

The protocol dictates that the first 32 bits of the random field are the current time in seconds. However this allows client fingerprinting attacks. Set to false to disable, in which case random bytes will be used instead.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 341 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::include_time_in_hello_random(), Botan::TLS::make_hello_random(), and Botan::TLS::Policy::print().

341 { return true; }

◆ latest_supported_version()

Protocol_Version Botan::TLS::Policy::latest_supported_version ( bool  datagram) const
virtualinherited

Returns the more recent protocol version we are willing to use, for either TLS or DTLS depending on datagram param. Shouldn't ever need to override this unless you want to allow a user to disable use of TLS v1.2 (which is not recommended)

Definition at line 306 of file tls_policy.cpp.

References Botan::TLS::Policy::allow_dtls10(), Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_tls10(), Botan::TLS::Policy::allow_tls11(), Botan::TLS::Policy::allow_tls12(), Botan::TLS::Protocol_Version::DTLS_V10, Botan::TLS::Protocol_Version::DTLS_V12, Botan::TLS::Protocol_Version::TLS_V10, Botan::TLS::Protocol_Version::TLS_V11, and Botan::TLS::Protocol_Version::TLS_V12.

Referenced by Botan::TLS::Policy::send_fallback_scsv(), and Botan::TLS::Server::Server().

307  {
308  if(datagram)
309  {
310  if(allow_dtls12())
312  if(allow_dtls10())
314  throw Invalid_State("Policy forbids all available DTLS version");
315  }
316  else
317  {
318  if(allow_tls12())
320  if(allow_tls11())
322  if(allow_tls10())
324  throw Invalid_State("Policy forbids all available TLS version");
325  }
326  }
virtual bool allow_tls11() const
Definition: tls_policy.cpp:337
virtual bool allow_dtls10() const
Definition: tls_policy.cpp:339
virtual bool allow_tls12() const
Definition: tls_policy.cpp:338
virtual bool allow_dtls12() const
Definition: tls_policy.cpp:340
virtual bool allow_tls10() const
Definition: tls_policy.cpp:336

◆ minimum_dh_group_size()

size_t Botan::TLS::Policy::minimum_dh_group_size ( ) const
virtualinherited

Return the minimum DH group size we're willing to use Default is currently 1024 (insecure), should be 2048

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 191 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_dh_group_size(), and Botan::TLS::Policy::print().

192  {
193  return 2048;
194  }

◆ minimum_dsa_group_size()

size_t Botan::TLS::Policy::minimum_dsa_group_size ( ) const
virtualinherited

Minimum DSA group size, default 2048 bits

Reimplemented in Botan::TLS::BSI_TR_02102_2.

Definition at line 230 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable().

231  {
232  // FIPS 186-3
233  return 2048;
234  }

◆ minimum_ecdh_group_size()

size_t Botan::TLS::Policy::minimum_ecdh_group_size ( ) const
virtualinherited

Return the minimum ECDH group size we're willing to use for key exchange

Default 255, allowing x25519 and larger x25519 is the smallest curve we will negotiate P-521 is the largest

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 202 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_ecdh_group_size(), and Botan::TLS::Policy::print().

203  {
204  // x25519 is smallest curve currently supported for TLS key exchange
205  return 255;
206  }

◆ minimum_ecdsa_group_size()

size_t Botan::TLS::Policy::minimum_ecdsa_group_size ( ) const
virtualinherited

For ECDSA authenticated ciphersuites, the smallest key size the client will accept. This policy is currently only enforced on the server by the client.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 196 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), and Botan::TLS::Text_Policy::minimum_ecdsa_group_size().

197  {
198  // Here we are at the mercy of whatever the CA signed, but most certs should be 256 bit by now
199  return 256;
200  }

◆ minimum_rsa_bits()

size_t Botan::TLS::Policy::minimum_rsa_bits ( ) const
virtualinherited

Return the minimum bit size we're willing to accept for RSA key exchange or server signatures.

It does not place any requirements on the size of any RSA signature(s) which were used to check the server certificate. This is only concerned with the server's public key.

Default is 2048 which is smallest RSA key size still secure for medium term security.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 218 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_rsa_bits(), and Botan::TLS::Policy::print().

219  {
220  /* Default assumption is all end-entity certificates should
221  be at least 2048 bits these days.
222 
223  If you are connecting to arbitrary servers on the Internet
224  (ie as a web browser or SMTP client) you'll probably have to reduce this
225  to 1024 bits, or perhaps even lower.
226  */
227  return 2048;
228  }

◆ minimum_signature_strength()

size_t Botan::TLS::NSA_Suite_B_128::minimum_signature_strength ( ) const
inlineoverridevirtual

The minimum signature strength we will accept Returning 80 allows RSA 1024 and SHA-1. Values larger than 80 disable SHA-1 support. Returning 110 allows RSA 2048. Return 128 to force ECC (P-256) or large (~3000 bit) RSA keys. Default is 110

Reimplemented from Botan::TLS::Policy.

Definition at line 359 of file tls_policy.h.

359 { return 128; }

◆ negotiate_encrypt_then_mac()

bool Botan::TLS::Policy::negotiate_encrypt_then_mac ( ) const
virtualinherited

Indicates whether the encrypt-then-MAC extension should be negotiated (RFC 7366)

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 344 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), Botan::TLS::Text_Policy::negotiate_encrypt_then_mac(), Botan::TLS::Policy::print(), and Botan::TLS::Server_Hello::Server_Hello().

344 { return true; }

◆ print()

void Botan::TLS::Policy::print ( std::ostream &  o) const
virtualinherited

Convert this policy to a printable format.

Parameters
ostream to be printed to

Definition at line 536 of file tls_policy.cpp.

References Botan::TLS::Policy::allow_dtls10(), Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_insecure_renegotiation(), Botan::TLS::Policy::allow_server_initiated_renegotiation(), Botan::TLS::Policy::allow_tls10(), Botan::TLS::Policy::allow_tls11(), Botan::TLS::Policy::allow_tls12(), Botan::TLS::Policy::allowed_ciphers(), Botan::TLS::Policy::allowed_ecc_curves(), Botan::TLS::Policy::allowed_groups(), Botan::TLS::Policy::allowed_key_exchange_methods(), Botan::TLS::Policy::allowed_macs(), Botan::TLS::Policy::allowed_signature_hashes(), Botan::TLS::Policy::allowed_signature_methods(), Botan::TLS::Policy::dh_group(), Botan::TLS::Policy::hide_unknown_users(), Botan::TLS::Policy::include_time_in_hello_random(), Botan::TLS::Policy::minimum_dh_group_size(), Botan::TLS::Policy::minimum_ecdh_group_size(), Botan::TLS::Policy::minimum_rsa_bits(), Botan::TLS::Policy::minimum_signature_strength(), Botan::TLS::Policy::negotiate_encrypt_then_mac(), Botan::TLS::Policy::server_uses_own_ciphersuite_preferences(), Botan::TLS::Policy::session_ticket_lifetime(), and Botan::TLS::Policy::support_cert_status_message().

Referenced by Botan::TLS::Policy::to_string().

537  {
538  print_bool(o, "allow_tls10", allow_tls10());
539  print_bool(o, "allow_tls11", allow_tls11());
540  print_bool(o, "allow_tls12", allow_tls12());
541  print_bool(o, "allow_dtls10", allow_dtls10());
542  print_bool(o, "allow_dtls12", allow_dtls12());
543  print_vec(o, "ciphers", allowed_ciphers());
544  print_vec(o, "macs", allowed_macs());
545  print_vec(o, "signature_hashes", allowed_signature_hashes());
546  print_vec(o, "signature_methods", allowed_signature_methods());
547  print_vec(o, "key_exchange_methods", allowed_key_exchange_methods());
548  print_vec(o, "ecc_curves", allowed_ecc_curves());
549  print_vec(o, "groups", allowed_groups());
550 
551  print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation());
552  print_bool(o, "include_time_in_hello_random", include_time_in_hello_random());
553  print_bool(o, "allow_server_initiated_renegotiation", allow_server_initiated_renegotiation());
554  print_bool(o, "hide_unknown_users", hide_unknown_users());
555  print_bool(o, "server_uses_own_ciphersuite_preferences", server_uses_own_ciphersuite_preferences());
556  print_bool(o, "negotiate_encrypt_then_mac", negotiate_encrypt_then_mac());
557  print_bool(o, "support_cert_status_message", support_cert_status_message());
558  o << "session_ticket_lifetime = " << session_ticket_lifetime() << '\n';
559  o << "dh_group = " << dh_group() << '\n';
560  o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n';
561  o << "minimum_ecdh_group_size = " << minimum_ecdh_group_size() << '\n';
562  o << "minimum_rsa_bits = " << minimum_rsa_bits() << '\n';
563  o << "minimum_signature_strength = " << minimum_signature_strength() << '\n';
564  }
virtual bool allow_tls11() const
Definition: tls_policy.cpp:337
virtual size_t minimum_ecdh_group_size() const
Definition: tls_policy.cpp:202
virtual bool allow_server_initiated_renegotiation() const
Definition: tls_policy.cpp:334
virtual size_t minimum_rsa_bits() const
Definition: tls_policy.cpp:218
virtual bool negotiate_encrypt_then_mac() const
Definition: tls_policy.cpp:344
virtual bool include_time_in_hello_random() const
Definition: tls_policy.cpp:341
virtual std::vector< std::string > allowed_ciphers() const
Definition: tls_policy.cpp:23
virtual std::vector< std::string > allowed_macs() const
Definition: tls_policy.cpp:58
virtual std::string dh_group() const
Definition: tls_policy.cpp:166
virtual std::vector< std::string > allowed_signature_hashes() const
Definition: tls_policy.cpp:48
virtual size_t minimum_dh_group_size() const
Definition: tls_policy.cpp:191
virtual bool allow_insecure_renegotiation() const
Definition: tls_policy.cpp:335
virtual std::vector< std::string > allowed_key_exchange_methods() const
Definition: tls_policy.cpp:73
virtual std::vector< std::string > allowed_groups() const
Definition: tls_policy.cpp:172
virtual bool allow_dtls10() const
Definition: tls_policy.cpp:339
virtual bool support_cert_status_message() const
Definition: tls_policy.cpp:345
virtual std::vector< std::string > allowed_ecc_curves() const
Definition: tls_policy.cpp:107
virtual size_t minimum_signature_strength() const
Definition: tls_policy.cpp:208
virtual bool allow_tls12() const
Definition: tls_policy.cpp:338
virtual bool allow_dtls12() const
Definition: tls_policy.cpp:340
virtual std::vector< std::string > allowed_signature_methods() const
Definition: tls_policy.cpp:87
virtual bool server_uses_own_ciphersuite_preferences() const
Definition: tls_policy.cpp:343
virtual bool hide_unknown_users() const
Definition: tls_policy.cpp:342
virtual uint32_t session_ticket_lifetime() const
Definition: tls_policy.cpp:281
virtual bool allow_tls10() const
Definition: tls_policy.cpp:336

◆ require_cert_revocation_info()

bool Botan::TLS::Policy::require_cert_revocation_info ( ) const
virtualinherited

Return if cert revocation info (CRL/OCSP) is required If true, validation will fail unless a valid CRL or OCSP response was examined.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 213 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::require_cert_revocation_info(), and Botan::TLS::Callbacks::tls_verify_cert_chain().

214  {
215  return true;
216  }

◆ send_fallback_scsv()

bool Botan::TLS::Policy::send_fallback_scsv ( Protocol_Version  version) const
virtualinherited

When offering this version, should we send a fallback SCSV? Default returns true iff version is not the latest version the policy allows, exists to allow override in case of interop problems.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 286 of file tls_policy.cpp.

References Botan::TLS::Protocol_Version::is_datagram_protocol(), and Botan::TLS::Policy::latest_supported_version().

Referenced by Botan::TLS::Client_Hello::Client_Hello(), and Botan::TLS::Text_Policy::send_fallback_scsv().

287  {
288  return version != latest_supported_version(version.is_datagram_protocol());
289  }
virtual Protocol_Version latest_supported_version(bool datagram) const
Definition: tls_policy.cpp:306

◆ server_uses_own_ciphersuite_preferences()

bool Botan::TLS::Policy::server_uses_own_ciphersuite_preferences ( ) const
virtualinherited
Returns
true if servers should choose the ciphersuite matching their highest preference, rather than the clients. Has no effect on client side.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 343 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::print(), and Botan::TLS::Text_Policy::server_uses_own_ciphersuite_preferences().

343 { return true; }

◆ session_ticket_lifetime()

uint32_t Botan::TLS::Policy::session_ticket_lifetime ( ) const
virtualinherited

Return the allowed lifetime of a session ticket. If 0, session tickets do not expire until the session ticket key rolls over. Expired session tickets cannot be used to resume a session.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 281 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::print(), Botan::TLS::Server::Server(), and Botan::TLS::Text_Policy::session_ticket_lifetime().

282  {
283  return 86400; // ~1 day
284  }

◆ srtp_profiles()

std::vector< uint16_t > Botan::TLS::Policy::srtp_profiles ( ) const
virtualinherited

If this returns a non-empty vector, and DTLS is negotiated, then we will also attempt to negotiate the SRTP extension from RFC 5764 using the returned values as the profile ids.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 357 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), and Botan::TLS::Server_Hello::Server_Hello().

358  {
359  return std::vector<uint16_t>();
360  }

◆ support_cert_status_message()

bool Botan::TLS::Policy::support_cert_status_message ( ) const
virtualinherited

Indicates whether certificate status messages should be supported

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 345 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), Botan::TLS::Policy::print(), Botan::TLS::Server_Hello::Server_Hello(), and Botan::TLS::Text_Policy::support_cert_status_message().

345 { return true; }

◆ to_string()

std::string Botan::TLS::Policy::to_string ( ) const
inherited

Convert this policy to a printable format. Same as calling print on a ostringstream and reading o.str()

Definition at line 566 of file tls_policy.cpp.

References Botan::TLS::Policy::print().

567  {
568  std::ostringstream oss;
569  this->print(oss);
570  return oss.str();
571  }
virtual void print(std::ostream &o) const
Definition: tls_policy.cpp:536

◆ use_ecc_point_compression()

bool Botan::TLS::Policy::use_ecc_point_compression ( ) const
virtualinherited

Request that ECC curve points are sent compressed

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 131 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), Botan::TLS::Server_Hello::Server_Hello(), and Botan::TLS::Text_Policy::use_ecc_point_compression().

132  {
133  return false;
134  }

The documentation for this class was generated from the following file: