Botan::TLS::Text_Policy Class Reference

#include <tls_policy.h>

Inheritance diagram for Botan::TLS::Text_Policy:
Botan::TLS::Policy

Public Member Functions

virtual bool acceptable_ciphersuite (const Ciphersuite &suite) const
 
virtual bool acceptable_protocol_version (Protocol_Version version) const
 
bool allow_client_initiated_renegotiation () const override
 
bool allow_dtls10 () const override
 
bool allow_dtls12 () const override
 
bool allow_insecure_renegotiation () const override
 
bool allow_server_initiated_renegotiation () const override
 
bool allow_tls10 () const override
 
bool allow_tls11 () const override
 
bool allow_tls12 () const override
 
std::vector< std::string > allowed_ciphers () const override
 
std::vector< std::string > allowed_key_exchange_methods () const override
 
std::vector< std::string > allowed_macs () const override
 
bool allowed_signature_hash (const std::string &hash) const
 
std::vector< std::string > allowed_signature_hashes () const override
 
bool allowed_signature_method (const std::string &sig_method) const
 
std::vector< std::string > allowed_signature_methods () const override
 
virtual std::vector< Signature_Scheme > allowed_signature_schemes () const
 
virtual void check_peer_key_acceptable (const Public_Key &public_key) const
 
virtual Group_Params choose_key_exchange_group (const std::vector< Group_Params > &peer_groups) const
 
virtual std::vector< uint16_t > ciphersuite_list (Protocol_Version version, bool have_srp) const
 
virtual Group_Params default_dh_group () const
 
size_t dtls_default_mtu () const override
 
size_t dtls_initial_timeout () const override
 
size_t dtls_maximum_timeout () const override
 
bool hide_unknown_users () const override
 
bool include_time_in_hello_random () const override
 
std::vector< Group_Params > key_exchange_groups () const override
 
virtual Protocol_Version latest_supported_version (bool datagram) const
 
size_t minimum_dh_group_size () const override
 
virtual size_t minimum_dsa_group_size () const
 
size_t minimum_ecdh_group_size () const override
 
size_t minimum_ecdsa_group_size () const override
 
size_t minimum_rsa_bits () const override
 
size_t minimum_signature_strength () const override
 
bool negotiate_encrypt_then_mac () const override
 
virtual void print (std::ostream &o) const
 
bool require_cert_revocation_info () const override
 
bool send_fallback_scsv (Protocol_Version version) const override
 
bool server_uses_own_ciphersuite_preferences () const override
 
uint32_t session_ticket_lifetime () const override
 
void set (const std::string &k, const std::string &v)
 
std::vector< uint16_t > srtp_profiles () const override
 
bool support_cert_status_message () const override
 
 Text_Policy (const std::string &s)
 
 Text_Policy (std::istream &in)
 
std::string to_string () const
 
bool use_ecc_point_compression () const override
 

Protected Member Functions

bool get_bool (const std::string &key, bool def) const
 
size_t get_len (const std::string &key, size_t def) const
 
std::vector< std::string > get_list (const std::string &key, const std::vector< std::string > &def) const
 
std::string get_str (const std::string &key, const std::string &def="") const
 
bool set_value (const std::string &key, const std::string &val, bool overwrite)
 

Detailed Description

Definition at line 487 of file tls_policy.h.

Constructor & Destructor Documentation

◆ Text_Policy() [1/2]

Botan::TLS::Text_Policy::Text_Policy ( const std::string &  s)
explicit

Definition at line 232 of file tls_text_policy.cpp.

References Botan::read_cfg().

Text_Policy::Text_Policy(const std::string& s)
   {
   /*
   * Parse the policy text (one key = value per line, as understood by the
   * shared read_cfg() reader) into m_kv. read_cfg() consumes a stream, so
   * the string is wrapped in an istringstream first.
   */
   std::istringstream policy_text(s);
   m_kv = read_cfg(policy_text);
   }
std::map< std::string, std::string > read_cfg(std::istream &is)
Definition: read_cfg.cpp:28

◆ Text_Policy() [2/2]

Botan::TLS::Text_Policy::Text_Policy ( std::istream &  in)
explicit

Definition at line 238 of file tls_text_policy.cpp.

Text_Policy::Text_Policy(std::istream& in)
   {
   // Same parser as the string constructor, reading directly from the
   // caller's stream; every policy lookup below goes through m_kv.
   m_kv = read_cfg(in);
   }
std::map< std::string, std::string > read_cfg(std::istream &is)
Definition: read_cfg.cpp:28

Member Function Documentation

◆ acceptable_ciphersuite()

bool Botan::TLS::Policy::acceptable_ciphersuite ( const Ciphersuite &  ciphersuite) const
virtualinherited

Allows policy to reject any ciphersuites which are undesirable for whatever reason without having to reimplement ciphersuite_list

Definition at line 313 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_ciphers(), Botan::TLS::Policy::allowed_macs(), Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::Ciphersuite::mac_algo(), and Botan::value_exists().

Referenced by Botan::TLS::Policy::ciphersuite_list().

bool Policy::acceptable_ciphersuite(const Ciphersuite& ciphersuite) const
   {
   /*
   * A suite is acceptable only if both its bulk cipher and its MAC are on
   * the policy allow-lists. Key exchange and signature filtering is done
   * separately in ciphersuite_list(), which calls this hook first.
   * allowed_macs() is only consulted when the cipher check passed.
   */
   const bool cipher_ok = value_exists(allowed_ciphers(), ciphersuite.cipher_algo());
   if(!cipher_ok)
      return false;

   return value_exists(allowed_macs(), ciphersuite.mac_algo());
   }
virtual std::vector< std::string > allowed_ciphers() const
Definition: tls_policy.cpp:40
virtual std::vector< std::string > allowed_macs() const
Definition: tls_policy.cpp:75
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86

◆ acceptable_protocol_version()

bool Botan::TLS::Policy::acceptable_protocol_version ( Protocol_Version  version) const
virtualinherited
Returns
true if and only if we are willing to accept this version. The default accepts TLS v1.0 and later or DTLS v1.2 and later; each version is gated by the matching allow_tls*/allow_dtls* hook, and any version not covered by those hooks is rejected.

Definition at line 276 of file tls_policy.cpp.

References Botan::TLS::Policy::allow_dtls10(), Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_tls10(), Botan::TLS::Policy::allow_tls11(), Botan::TLS::Policy::allow_tls12(), Botan::TLS::Protocol_Version::DTLS_V10, Botan::TLS::Protocol_Version::DTLS_V12, Botan::TLS::Protocol_Version::TLS_V10, Botan::TLS::Protocol_Version::TLS_V11, and Botan::TLS::Protocol_Version::TLS_V12.

Referenced by Botan::TLS::Client_Hello::Client_Hello().

bool Policy::acceptable_protocol_version(Protocol_Version version) const
   {
   /*
   * Accept a version only when the corresponding allow_* policy hook says
   * so. Only the hook for the offered version is consulted, and a version
   * matching none of the cases below is rejected outright. The TLS 1.2
   * case is tested first as the most common one.
   */
   if(version == Protocol_Version::TLS_V12)
      return allow_tls12();

   if(version == Protocol_Version::TLS_V10)
      return allow_tls10();

   if(version == Protocol_Version::TLS_V11)
      return allow_tls11();

   if(version == Protocol_Version::DTLS_V12)
      return allow_dtls12();

   if(version == Protocol_Version::DTLS_V10)
      return allow_dtls10();

   return false;
   }
virtual bool allow_tls11() const
Definition: tls_policy.cpp:323
virtual bool allow_dtls10() const
Definition: tls_policy.cpp:325
virtual bool allow_tls12() const
Definition: tls_policy.cpp:324
virtual bool allow_dtls12() const
Definition: tls_policy.cpp:326
virtual bool allow_tls10() const
Definition: tls_policy.cpp:322

◆ allow_client_initiated_renegotiation()

bool Botan::TLS::Text_Policy::allow_client_initiated_renegotiation ( ) const
overridevirtual

Consulted by server side. If true, allows clients to initiate a new handshake

Reimplemented from Botan::TLS::Policy.

Definition at line 83 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allow_client_initiated_renegotiation(), and get_bool().

bool Text_Policy::allow_client_initiated_renegotiation() const
   {
   // Text key "allow_client_initiated_renegotiation"; an absent value keeps
   // the base Policy default. Consulted on the server side only.
   // NOTE(review): letting clients trigger repeated full handshakes is a
   // classic resource-exhaustion lever; leave this at the default unless
   // renegotiation is actually needed.
   const bool fallback = Policy::allow_client_initiated_renegotiation();
   return get_bool("allow_client_initiated_renegotiation", fallback);
   }
bool get_bool(const std::string &key, bool def) const
virtual bool allow_client_initiated_renegotiation() const
Definition: tls_policy.cpp:319

◆ allow_dtls10()

bool Botan::TLS::Text_Policy::allow_dtls10 ( ) const
overridevirtual

Allow DTLS v1.0

Reimplemented from Botan::TLS::Policy.

Definition at line 63 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allow_dtls10(), and get_bool().

bool Text_Policy::allow_dtls10() const
   {
   // Text key "allow_dtls10"; absent -> base Policy default.
   // NOTE(review): DTLS 1.0 is deprecated by RFC 8996; enabling it in a
   // policy file should be a deliberate, documented choice.
   const bool fallback = Policy::allow_dtls10();
   return get_bool("allow_dtls10", fallback);
   }
bool get_bool(const std::string &key, bool def) const
virtual bool allow_dtls10() const
Definition: tls_policy.cpp:325

◆ allow_dtls12()

bool Botan::TLS::Text_Policy::allow_dtls12 ( ) const
overridevirtual

Allow DTLS v1.2

Reimplemented from Botan::TLS::Policy.

Definition at line 68 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allow_dtls12(), and get_bool().

bool Text_Policy::allow_dtls12() const
   {
   // Text key "allow_dtls12"; absent -> base Policy default.
   const bool fallback = Policy::allow_dtls12();
   return get_bool("allow_dtls12", fallback);
   }
bool get_bool(const std::string &key, bool def) const
virtual bool allow_dtls12() const
Definition: tls_policy.cpp:326

◆ allow_insecure_renegotiation()

bool Botan::TLS::Text_Policy::allow_insecure_renegotiation ( ) const
overridevirtual

Allow renegotiation even if the counterparty doesn't support the secure renegotiation extension.

Warning
Changing this to true exposes you to injected plaintext attacks. Read RFC 5746 for background.

Reimplemented from Botan::TLS::Policy.

Definition at line 73 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allow_insecure_renegotiation(), and get_bool().

bool Text_Policy::allow_insecure_renegotiation() const
   {
   // Text key "allow_insecure_renegotiation"; absent -> base Policy default.
   // Setting this to true permits renegotiation with peers lacking the
   // RFC 5746 secure renegotiation extension, which exposes the
   // connection to plaintext injection (see the warning in the header).
   const bool fallback = Policy::allow_insecure_renegotiation();
   return get_bool("allow_insecure_renegotiation", fallback);
   }
virtual bool allow_insecure_renegotiation() const
Definition: tls_policy.cpp:321
bool get_bool(const std::string &key, bool def) const

◆ allow_server_initiated_renegotiation()

bool Botan::TLS::Text_Policy::allow_server_initiated_renegotiation ( ) const
overridevirtual

Consulted by client side. If true, allows servers to initiate a new handshake

Reimplemented from Botan::TLS::Policy.

Definition at line 88 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allow_server_initiated_renegotiation(), and get_bool().

bool Text_Policy::allow_server_initiated_renegotiation() const
   {
   // Text key "allow_server_initiated_renegotiation"; absent -> base Policy
   // default. Consulted on the client side only.
   const bool fallback = Policy::allow_server_initiated_renegotiation();
   return get_bool("allow_server_initiated_renegotiation", fallback);
   }
virtual bool allow_server_initiated_renegotiation() const
Definition: tls_policy.cpp:320
bool get_bool(const std::string &key, bool def) const

◆ allow_tls10()

bool Botan::TLS::Text_Policy::allow_tls10 ( ) const
overridevirtual

Allow TLS v1.0

Reimplemented from Botan::TLS::Policy.

Definition at line 48 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allow_tls10(), and get_bool().

bool Text_Policy::allow_tls10() const
   {
   // Text key "allow_tls10"; absent -> base Policy default.
   // NOTE(review): TLS 1.0 is deprecated by RFC 8996; with it enabled only
   // SHA-1 MAC, non-AEAD suites are usable (see ciphersuite_list()).
   const bool fallback = Policy::allow_tls10();
   return get_bool("allow_tls10", fallback);
   }
bool get_bool(const std::string &key, bool def) const
virtual bool allow_tls10() const
Definition: tls_policy.cpp:322

◆ allow_tls11()

bool Botan::TLS::Text_Policy::allow_tls11 ( ) const
overridevirtual

Allow TLS v1.1

Reimplemented from Botan::TLS::Policy.

Definition at line 53 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allow_tls11(), and get_bool().

bool Text_Policy::allow_tls11() const
   {
   // Text key "allow_tls11"; absent -> base Policy default.
   // NOTE(review): TLS 1.1 is deprecated by RFC 8996; with it enabled only
   // SHA-1 MAC, non-AEAD suites are usable (see ciphersuite_list()).
   const bool fallback = Policy::allow_tls11();
   return get_bool("allow_tls11", fallback);
   }
virtual bool allow_tls11() const
Definition: tls_policy.cpp:323
bool get_bool(const std::string &key, bool def) const

◆ allow_tls12()

bool Botan::TLS::Text_Policy::allow_tls12 ( ) const
overridevirtual

Allow TLS v1.2

Reimplemented from Botan::TLS::Policy.

Definition at line 58 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allow_tls12(), and get_bool().

bool Text_Policy::allow_tls12() const
   {
   // Text key "allow_tls12"; absent -> base Policy default.
   const bool fallback = Policy::allow_tls12();
   return get_bool("allow_tls12", fallback);
   }
bool get_bool(const std::string &key, bool def) const
virtual bool allow_tls12() const
Definition: tls_policy.cpp:324

◆ allowed_ciphers()

std::vector< std::string > Botan::TLS::Text_Policy::allowed_ciphers ( ) const
overridevirtual

Returns a list of ciphers we are willing to negotiate, in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 18 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allowed_ciphers(), and get_list().

std::vector<std::string> Text_Policy::allowed_ciphers() const
   {
   // Space-separated, preference-ordered allow-list under key "ciphers".
   // An absent or empty value keeps the base Policy list (get_list() only
   // overrides on a non-empty value), so the list cannot be emptied here.
   const std::vector<std::string> defaults = Policy::allowed_ciphers();
   return get_list("ciphers", defaults);
   }
virtual std::vector< std::string > allowed_ciphers() const
Definition: tls_policy.cpp:40
std::vector< std::string > get_list(const std::string &key, const std::vector< std::string > &def) const

◆ allowed_key_exchange_methods()

std::vector< std::string > Botan::TLS::Text_Policy::allowed_key_exchange_methods ( ) const
overridevirtual

Returns a list of key exchange algorithms we are willing to use, in order of preference. Allowed values: DH, empty string (representing RSA using server certificate key)

Reimplemented from Botan::TLS::Policy.

Definition at line 33 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allowed_key_exchange_methods(), and get_list().

std::vector<std::string> Text_Policy::allowed_key_exchange_methods() const
   {
   // Space-separated, preference-ordered allow-list under key
   // "key_exchange_methods". Entries are matched by name against each
   // suite's kex_algo() in ciphersuite_list(); an absent or empty value
   // keeps the base Policy list.
   const std::vector<std::string> defaults = Policy::allowed_key_exchange_methods();
   return get_list("key_exchange_methods", defaults);
   }
virtual std::vector< std::string > allowed_key_exchange_methods() const
Definition: tls_policy.cpp:90
std::vector< std::string > get_list(const std::string &key, const std::vector< std::string > &def) const

◆ allowed_macs()

std::vector< std::string > Botan::TLS::Text_Policy::allowed_macs ( ) const
overridevirtual

Returns a list of MAC algorithms we are willing to use.

Reimplemented from Botan::TLS::Policy.

Definition at line 28 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allowed_macs(), and get_list().

std::vector<std::string> Text_Policy::allowed_macs() const
   {
   // Space-separated allow-list under key "macs"; an absent or empty value
   // keeps the base Policy list.
   const std::vector<std::string> defaults = Policy::allowed_macs();
   return get_list("macs", defaults);
   }
virtual std::vector< std::string > allowed_macs() const
Definition: tls_policy.cpp:75
std::vector< std::string > get_list(const std::string &key, const std::vector< std::string > &def) const

◆ allowed_signature_hash()

bool Botan::TLS::Policy::allowed_signature_hash ( const std::string &  hash) const
inherited

Definition at line 120 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_signature_hashes(), and Botan::value_exists().

Referenced by Botan::TLS::Policy::allowed_signature_schemes(), and Botan::TLS::Handshake_State::choose_sig_format().

bool Policy::allowed_signature_hash(const std::string& sig_hash) const
   {
   // Membership test against the policy's signature-hash allow-list; used
   // both when building our own scheme list and when checking what the
   // peer selected (see Handshake_State::choose_sig_format).
   const std::vector<std::string> permitted = allowed_signature_hashes();
   return value_exists(permitted, sig_hash);
   }
virtual std::vector< std::string > allowed_signature_hashes() const
Definition: tls_policy.cpp:65
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86

◆ allowed_signature_hashes()

std::vector< std::string > Botan::TLS::Text_Policy::allowed_signature_hashes ( ) const
overridevirtual

Returns a list of hash algorithms we are willing to use for signatures, in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 23 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allowed_signature_hashes(), and get_list().

std::vector<std::string> Text_Policy::allowed_signature_hashes() const
   {
   // Space-separated, preference-ordered allow-list under key
   // "signature_hashes"; an absent or empty value keeps the base Policy
   // list. Combined with allowed_signature_methods() to derive the
   // offered signature schemes.
   const std::vector<std::string> defaults = Policy::allowed_signature_hashes();
   return get_list("signature_hashes", defaults);
   }
virtual std::vector< std::string > allowed_signature_hashes() const
Definition: tls_policy.cpp:65
std::vector< std::string > get_list(const std::string &key, const std::vector< std::string > &def) const

◆ allowed_signature_method()

bool Botan::TLS::Policy::allowed_signature_method ( const std::string &  sig_method) const
inherited

Definition at line 115 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_signature_methods(), and Botan::value_exists().

Referenced by Botan::TLS::Policy::allowed_signature_schemes(), and Botan::TLS::Handshake_State::parse_sig_format().

bool Policy::allowed_signature_method(const std::string& sig_method) const
   {
   // Membership test against the policy's signature-algorithm allow-list;
   // used both for our own scheme list and when parsing the peer's choice
   // (see Handshake_State::parse_sig_format).
   const std::vector<std::string> permitted = allowed_signature_methods();
   return value_exists(permitted, sig_method);
   }
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86
virtual std::vector< std::string > allowed_signature_methods() const
Definition: tls_policy.cpp:104

◆ allowed_signature_methods()

std::vector< std::string > Botan::TLS::Text_Policy::allowed_signature_methods ( ) const
overridevirtual

Returns a list of signature algorithms we are willing to use, in order of preference. Allowed values include RSA and DSA; entries are matched by name against each ciphersuite's sig_algo() in ciphersuite_list(), so the names must be those used by Botan's ciphersuite table (the base Policy default list is the reference).

Reimplemented from Botan::TLS::Policy.

Definition at line 38 of file tls_text_policy.cpp.

References Botan::TLS::Policy::allowed_signature_methods(), and get_list().

std::vector<std::string> Text_Policy::allowed_signature_methods() const
   {
   // Space-separated, preference-ordered allow-list under key
   // "signature_methods"; an absent or empty value keeps the base Policy
   // list.
   const std::vector<std::string> defaults = Policy::allowed_signature_methods();
   return get_list("signature_methods", defaults);
   }
std::vector< std::string > get_list(const std::string &key, const std::vector< std::string > &def) const
virtual std::vector< std::string > allowed_signature_methods() const
Definition: tls_policy.cpp:104

◆ allowed_signature_schemes()

std::vector< Signature_Scheme > Botan::TLS::Policy::allowed_signature_schemes ( ) const
virtualinherited

Definition at line 22 of file tls_policy.cpp.

References Botan::TLS::all_signature_schemes(), Botan::TLS::Policy::allowed_signature_hash(), Botan::TLS::Policy::allowed_signature_method(), Botan::TLS::hash_function_of_scheme(), and Botan::TLS::signature_algorithm_of_scheme().

Referenced by Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Client_Hello::Client_Hello().

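std::vector<Signature_Scheme> Policy::allowed_signature_schemes() const
   {
   /*
   * Derive the usable signature schemes from two independent allow-lists:
   * a scheme is offered only if both its signature algorithm
   * (allowed_signature_methods) and its hash (allowed_signature_hashes)
   * are permitted. Output order follows all_signature_schemes().
   *
   * The loop header was missing from the rendered listing; restored here
   * from the referenced all_signature_schemes() helper.
   */
   std::vector<Signature_Scheme> schemes;

   for(Signature_Scheme scheme : all_signature_schemes())
      {
      const bool sig_allowed = allowed_signature_method(signature_algorithm_of_scheme(scheme));
      const bool hash_allowed = allowed_signature_hash(hash_function_of_scheme(scheme));

      if(sig_allowed && hash_allowed)
         {
         schemes.push_back(scheme);
         }
      }

   return schemes;
   }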
std::string hash_function_of_scheme(Signature_Scheme scheme)
Definition: tls_algos.cpp:191
Signature_Scheme
Definition: tls_algos.h:84
bool allowed_signature_method(const std::string &sig_method) const
Definition: tls_policy.cpp:115
bool allowed_signature_hash(const std::string &hash) const
Definition: tls_policy.cpp:120
const std::vector< Signature_Scheme > & all_signature_schemes()
Definition: tls_algos.cpp:229
std::string signature_algorithm_of_scheme(Signature_Scheme scheme)
Definition: tls_algos.cpp:291

◆ check_peer_key_acceptable()

void Botan::TLS::Policy::check_peer_key_acceptable ( const Public_Key &  public_key) const
virtualinherited

Throw an exception if you don't like the peer's key. Default impl checks the key size against minimum_rsa_bits, minimum_dh_group_size, minimum_dsa_group_size, minimum_ecdh_group_size, or minimum_ecdsa_group_size depending on the key's type; keys of any other type are not size-checked by the default. Override if you'd like to perform some other kind of test on (or logging of) the peer's keys.

Definition at line 229 of file tls_policy.cpp.

References Botan::Public_Key::algo_name(), Botan::TLS::Alert::INSUFFICIENT_SECURITY, Botan::Public_Key::key_length(), Botan::TLS::Policy::minimum_dh_group_size(), Botan::TLS::Policy::minimum_dsa_group_size(), Botan::TLS::Policy::minimum_ecdh_group_size(), Botan::TLS::Policy::minimum_ecdsa_group_size(), Botan::TLS::Policy::minimum_rsa_bits(), and std::to_string() (the generated cross-reference to Botan::ASN1::to_string() is a Doxygen mislink; the code calls the standard-library function).

Referenced by Botan::TLS::Callbacks::tls_dh_agree(), Botan::TLS::Callbacks::tls_ecdh_agree(), Botan::TLS::Certificate_Verify::verify(), and Botan::TLS::Server_Key_Exchange::verify().

void Policy::check_peer_key_acceptable(const Public_Key& public_key) const
   {
   /*
   * Map the peer key's algorithm name to the policy minimum for that
   * family and reject anything smaller. Names not listed below leave the
   * minimum at zero, so the comparison never fails for them: keys of any
   * other type are NOT size-checked by this default implementation.
   * Override this hook if such keys need policy enforcement.
   */
   const std::string algo_name = public_key.algo_name();
   const size_t keylength = public_key.key_length();

   size_t minimum_bits = 0;

   if(algo_name == "RSA")
      minimum_bits = minimum_rsa_bits();
   else if(algo_name == "DH")
      minimum_bits = minimum_dh_group_size();
   else if(algo_name == "DSA")
      minimum_bits = minimum_dsa_group_size();
   else if(algo_name == "ECDH" || algo_name == "Curve25519")
      minimum_bits = minimum_ecdh_group_size();
   else if(algo_name == "ECDSA")
      minimum_bits = minimum_ecdsa_group_size();

   if(keylength >= minimum_bits)
      return;

   // Too small for policy: fail the handshake with an insufficient_security alert code
   throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
                       "Peer sent " +
                       std::to_string(keylength) + " bit " + algo_name + " key"
                       ", policy requires at least " +
                       std::to_string(minimum_bits));
   }
virtual size_t minimum_ecdh_group_size() const
Definition: tls_policy.cpp:195
virtual size_t minimum_rsa_bits() const
Definition: tls_policy.cpp:211
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:210
virtual size_t minimum_dh_group_size() const
Definition: tls_policy.cpp:184
virtual size_t minimum_ecdsa_group_size() const
Definition: tls_policy.cpp:189
virtual size_t minimum_dsa_group_size() const
Definition: tls_policy.cpp:223

◆ choose_key_exchange_group()

Group_Params Botan::TLS::Policy::choose_key_exchange_group ( const std::vector< Group_Params > &  peer_groups) const
virtualinherited

Select a key exchange group to use, from the list of groups sent by the peer. If none are acceptable, return Group_Params::NONE

Definition at line 130 of file tls_policy.cpp.

References Botan::TLS::Policy::key_exchange_groups(), Botan::TLS::NONE, and Botan::value_exists().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

Group_Params Policy::choose_key_exchange_group(const std::vector<Group_Params>& peer_groups) const
   {
   // Nothing offered by the peer -> nothing to choose.
   if(peer_groups.empty())
      return Group_Params::NONE;

   // Walk OUR preference list and take the first group the peer also
   // supports, so the local policy's ordering wins over the peer's.
   for(const Group_Params candidate : key_exchange_groups())
      {
      if(value_exists(peer_groups, candidate))
         return candidate;
      }

   // No overlap: caller must treat NONE as "no usable group".
   return Group_Params::NONE;
   }
virtual std::vector< Group_Params > key_exchange_groups() const
Definition: tls_policy.cpp:160
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86

◆ ciphersuite_list()

std::vector< uint16_t > Botan::TLS::Policy::ciphersuite_list ( Protocol_Version  version,
bool  have_srp 
) const
virtualinherited

Return allowed ciphersuites, in order of preference

Definition at line 421 of file tls_policy.cpp.

References Botan::TLS::Policy::acceptable_ciphersuite(), Botan::TLS::Ciphersuite::all_known_ciphersuites(), Botan::TLS::Policy::allowed_ciphers(), Botan::TLS::Policy::allowed_key_exchange_methods(), Botan::TLS::Policy::allowed_macs(), Botan::TLS::Policy::allowed_signature_methods(), Botan::TLS::CECPQ1, Botan::TLS::IMPLICIT, Botan::TLS::Policy::key_exchange_groups(), Botan::TLS::SRP_SHA, Botan::TLS::Protocol_Version::supports_aead_modes(), Botan::value_exists(), and Botan::TLS::X25519.

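std::vector<uint16_t> Policy::ciphersuite_list(Protocol_Version version,
                                               bool have_srp) const
   {
   /*
   * Build the suite list from the policy allow-lists. A suite survives only
   * if it is usable in this build (valid()), passes acceptable_ciphersuite(),
   * fits the protocol version, and every component (key exchange, cipher,
   * MAC, signature) is on its list. The result is ordered by the policy's
   * own preference, and an empty result is an error rather than an empty
   * offer. (The CECPQ1 guard line was missing from the rendered listing and
   * is restored here from the referenced key_exchange_groups()/X25519.)
   */
   const std::vector<std::string> ciphers = allowed_ciphers();
   const std::vector<std::string> macs = allowed_macs();
   const std::vector<std::string> kex = allowed_key_exchange_methods();
   const std::vector<std::string> sigs = allowed_signature_methods();

   std::vector<Ciphersuite> ciphersuites;

   for(auto&& suite : Ciphersuite::all_known_ciphersuites())
      {
      // Can we use it?
      if(suite.valid() == false)
         continue;

      // Is it acceptable to the policy?
      if(!this->acceptable_ciphersuite(suite))
         continue;

      // SRP suites only make sense when the caller actually has SRP credentials
      if(!have_srp && suite.kex_method() == Kex_Algo::SRP_SHA)
         continue;

      if(!version.supports_aead_modes())
         {
         // Are we doing AEAD in a non-AEAD version?
         if(suite.mac_algo() == "AEAD")
            continue;

         // Older (v1.0/v1.1) versions also do not support any hash but SHA-1
         if(suite.mac_algo() != "SHA-1")
            continue;
         }

      if(!value_exists(kex, suite.kex_algo()))
         continue; // unsupported key exchange

      if(!value_exists(ciphers, suite.cipher_algo()))
         continue; // unsupported cipher

      if(!value_exists(macs, suite.mac_algo()))
         continue; // unsupported MAC algo

      if(!value_exists(sigs, suite.sig_algo()))
         {
         // allow if it's an empty sig algo and we want to use PSK
         if(suite.auth_method() != Auth_Method::IMPLICIT || !suite.psk_ciphersuite())
            continue;
         }

      /*
      CECPQ1 always uses x25519 for ECDH, so treat the applications
      removal of x25519 from the ECC curve list as equivalent to
      saying they do not trust CECPQ1
      */
      if(suite.kex_method() == Kex_Algo::CECPQ1)
         {
         if(!value_exists(key_exchange_groups(), Group_Params::X25519))
            continue;
         }

      // OK, consider it
      ciphersuites.push_back(suite);
      }

   if(ciphersuites.empty())
      {
      // Fail closed: a policy that filters out every suite is a misconfiguration
      throw Exception("Policy does not allow any available cipher suite");
      }

   Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs);
   std::sort(ciphersuites.begin(), ciphersuites.end(), order);

   std::vector<uint16_t> ciphersuite_codes;
   ciphersuite_codes.reserve(ciphersuites.size());
   for(const auto& suite : ciphersuites)
      ciphersuite_codes.push_back(suite.ciphersuite_code());
   return ciphersuite_codes;
   }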
virtual bool acceptable_ciphersuite(const Ciphersuite &suite) const
Definition: tls_policy.cpp:313
virtual std::vector< std::string > allowed_ciphers() const
Definition: tls_policy.cpp:40
virtual std::vector< std::string > allowed_macs() const
Definition: tls_policy.cpp:75
virtual std::vector< Group_Params > key_exchange_groups() const
Definition: tls_policy.cpp:160
virtual std::vector< std::string > allowed_key_exchange_methods() const
Definition: tls_policy.cpp:90
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86
virtual std::vector< std::string > allowed_signature_methods() const
Definition: tls_policy.cpp:104
static const std::vector< Ciphersuite > & all_known_ciphersuites()

◆ default_dh_group()

Group_Params Botan::TLS::Policy::default_dh_group ( ) const
virtualinherited

Definition at line 146 of file tls_policy.cpp.

References Botan::TLS::FFDHE_2048, Botan::TLS::group_param_is_dh(), and Botan::TLS::Policy::key_exchange_groups().

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

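Group_Params Policy::default_dh_group() const
   {
   /*
   * Use the first FFDHE group in the policy's preference list; if that list
   * contains no DH group at all, fall back to FFDHE 2048. (The fallback
   * return was missing from the rendered listing and is restored here from
   * the referenced FFDHE_2048 constant and the original comment.)
   */
   for(auto g : key_exchange_groups())
      {
      if(group_param_is_dh(g))
         return g;
      }

   return Group_Params::FFDHE_2048;
   }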
bool group_param_is_dh(Group_Params group)
Definition: tls_algos.cpp:118
virtual std::vector< Group_Params > key_exchange_groups() const
Definition: tls_policy.cpp:160

◆ dtls_default_mtu()

size_t Botan::TLS::Text_Policy::dtls_default_mtu ( ) const
overridevirtual
Returns
the default MTU for DTLS

Reimplemented from Botan::TLS::Policy.

Definition at line 182 of file tls_text_policy.cpp.

References Botan::TLS::Policy::dtls_default_mtu(), and get_len().

size_t Text_Policy::dtls_default_mtu() const
   {
   // Numeric text key "dtls_default_mtu"; absent -> base Policy default.
   // No range check is applied to the configured value.
   const size_t fallback = Policy::dtls_default_mtu();
   return get_len("dtls_default_mtu", fallback);
   }
virtual size_t dtls_default_mtu() const
Definition: tls_policy.cpp:337
size_t get_len(const std::string &key, size_t def) const

◆ dtls_initial_timeout()

size_t Botan::TLS::Text_Policy::dtls_initial_timeout ( ) const
overridevirtual
Returns
the initial timeout for DTLS

Reimplemented from Botan::TLS::Policy.

Definition at line 187 of file tls_text_policy.cpp.

References Botan::TLS::Policy::dtls_initial_timeout(), and get_len().

size_t Text_Policy::dtls_initial_timeout() const
   {
   // Numeric text key "dtls_initial_timeout"; absent -> base Policy default.
   const size_t fallback = Policy::dtls_initial_timeout();
   return get_len("dtls_initial_timeout", fallback);
   }
virtual size_t dtls_initial_timeout() const
Definition: tls_policy.cpp:334
size_t get_len(const std::string &key, size_t def) const

◆ dtls_maximum_timeout()

size_t Botan::TLS::Text_Policy::dtls_maximum_timeout ( ) const
overridevirtual
Returns
the maximum timeout for DTLS

Reimplemented from Botan::TLS::Policy.

Definition at line 192 of file tls_text_policy.cpp.

References Botan::TLS::Policy::dtls_maximum_timeout(), and get_len().

size_t Text_Policy::dtls_maximum_timeout() const
   {
   // Numeric text key "dtls_maximum_timeout"; absent -> base Policy default.
   const size_t fallback = Policy::dtls_maximum_timeout();
   return get_len("dtls_maximum_timeout", fallback);
   }
virtual size_t dtls_maximum_timeout() const
Definition: tls_policy.cpp:335
size_t get_len(const std::string &key, size_t def) const

◆ get_bool()

bool Botan::TLS::Text_Policy::get_bool ( const std::string &  key,
bool  def 
) const
protected

Definition at line 267 of file tls_text_policy.cpp.

References get_str().

Referenced by allow_client_initiated_renegotiation(), allow_dtls10(), allow_dtls12(), allow_insecure_renegotiation(), allow_server_initiated_renegotiation(), allow_tls10(), allow_tls11(), allow_tls12(), hide_unknown_users(), include_time_in_hello_random(), negotiate_encrypt_then_mac(), require_cert_revocation_info(), send_fallback_scsv(), server_uses_own_ciphersuite_preferences(), support_cert_status_message(), and use_ecc_point_compression().

bool Text_Policy::get_bool(const std::string& key, bool def) const
   {
   /*
   * Read a boolean policy setting. Only the spellings "true"/"True" and
   * "false"/"False" are recognised. A missing or empty value yields the
   * supplied default; anything else is a hard error rather than a silent
   * fallback, so a typo cannot quietly flip a security-relevant switch.
   */
   const std::string value = get_str(key);

   if(value.empty())
      return def;

   const bool is_true = (value == "true" || value == "True");
   if(is_true)
      return true;

   const bool is_false = (value == "false" || value == "False");
   if(is_false)
      return false;

   throw Exception("Invalid boolean '" + value + "'");
   }
std::string get_str(const std::string &key, const std::string &def="") const

◆ get_len()

size_t Botan::TLS::Text_Policy::get_len ( const std::string &  key,
size_t  def 
) const
protected

Definition at line 255 of file tls_text_policy.cpp.

References get_str(), and Botan::to_u32bit().

Referenced by dtls_default_mtu(), dtls_initial_timeout(), dtls_maximum_timeout(), minimum_dh_group_size(), minimum_ecdh_group_size(), minimum_ecdsa_group_size(), minimum_rsa_bits(), minimum_signature_strength(), and session_ticket_lifetime().

size_t Text_Policy::get_len(const std::string& key, size_t def) const
   {
   /*
   * Read a numeric policy setting. A missing or empty value yields the
   * default; otherwise the text is parsed by to_u32bit() and widened to
   * size_t. No range or sanity check is applied here, so security floors
   * read through this path (minimum_rsa_bits, minimum_*_group_size,
   * minimum_signature_strength) take whatever the policy file says.
   */
   const std::string text = get_str(key);

   if(!text.empty())
      return to_u32bit(text);

   return def;
   }
uint32_t to_u32bit(const std::string &str)
Definition: parsing.cpp:31
std::string get_str(const std::string &key, const std::string &def="") const

◆ get_list()

std::vector< std::string > Botan::TLS::Text_Policy::get_list ( const std::string &  key,
const std::vector< std::string > &  def 
) const
protected

Definition at line 242 of file tls_text_policy.cpp.

References get_str(), and Botan::split_on().

Referenced by allowed_ciphers(), allowed_key_exchange_methods(), allowed_macs(), allowed_signature_hashes(), allowed_signature_methods(), and srtp_profiles().

std::vector<std::string> Text_Policy::get_list(const std::string& key,
                                               const std::vector<std::string>& def) const
   {
   /*
   * Read a space-separated list. A missing or empty value returns the
   * default; note this means an empty list cannot be configured through the
   * text policy (an empty value always falls back to `def`). Splitting is
   * on the single space character only.
   */
   const std::string raw = get_str(key);

   if(raw.empty())
      return def;

   return split_on(raw, ' ');
   }
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:144
std::string get_str(const std::string &key, const std::string &def="") const

◆ get_str()

std::string Botan::TLS::Text_Policy::get_str ( const std::string &  key,
const std::string &  def = "" 
) const
protected

Definition at line 290 of file tls_text_policy.cpp.

Referenced by get_bool(), get_len(), get_list(), and key_exchange_groups().

std::string Text_Policy::get_str(const std::string& key, const std::string& def) const
   {
   // Plain lookup in the parsed key/value map; an unknown key yields `def`.
   // All typed getters (get_bool/get_len/get_list) are built on this.
   const auto entry = m_kv.find(key);
   return (entry == m_kv.end()) ? def : entry->second;
   }

◆ hide_unknown_users()

bool Botan::TLS::Text_Policy::hide_unknown_users ( ) const
overridevirtual

If this function returns false, unknown SRP/PSK identifiers will be rejected with an unknown_psk_identifier alert as soon as the non-existence is identified. Otherwise, a false identifier value will be used and the protocol allowed to proceed, causing the handshake to eventually fail without revealing that the username does not exist on this system.

Reimplemented from Botan::TLS::Policy.

Definition at line 202 of file tls_text_policy.cpp.

References get_bool(), and Botan::TLS::Policy::hide_unknown_users().

bool Text_Policy::hide_unknown_users() const
   {
   // Text key "hide_unknown_users"; absent -> base Policy default. When
   // true, an unknown SRP/PSK identity is not rejected immediately, so the
   // handshake failure does not reveal whether the username exists
   // (username-enumeration countermeasure; see the header description).
   const bool fallback = Policy::hide_unknown_users();
   return get_bool("hide_unknown_users", fallback);
   }
bool get_bool(const std::string &key, bool def) const
virtual bool hide_unknown_users() const
Definition: tls_policy.cpp:328

◆ include_time_in_hello_random()

bool Botan::TLS::Text_Policy::include_time_in_hello_random ( ) const
overridevirtual

The protocol dictates that the first 32 bits of the random field are the current time in seconds. However this allows client fingerprinting attacks. Set to false to disable, in which case random bytes will be used instead.

Reimplemented from Botan::TLS::Policy.

Definition at line 78 of file tls_text_policy.cpp.

References get_bool(), and Botan::TLS::Policy::include_time_in_hello_random().

bool Text_Policy::include_time_in_hello_random() const
   {
   // Text key "include_time_in_hello_random"; absent -> base Policy default.
   // When false, the leading 32 bits of the hello random are random bytes
   // instead of the clock, which removes a client-fingerprinting signal.
   const bool fallback = Policy::include_time_in_hello_random();
   return get_bool("include_time_in_hello_random", fallback);
   }
virtual bool include_time_in_hello_random() const
Definition: tls_policy.cpp:327
bool get_bool(const std::string &key, bool def) const

◆ key_exchange_groups()

std::vector< Group_Params > Botan::TLS::Text_Policy::key_exchange_groups ( ) const
overridevirtual

Return the list of ECC curves and FFDHE groups we are willing to use, in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 108 of file tls_text_policy.cpp.

References get_str(), Botan::TLS::group_param_from_string(), Botan::TLS::Policy::key_exchange_groups(), Botan::TLS::NONE, and Botan::split_on().

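std::vector<Group_Params> Botan::TLS::Text_Policy::key_exchange_groups() const
   {
   /*
   * Groups come from the text key "key_exchange_groups" (legacy key name
   * "groups"), separated by single spaces, in preference order. Each token
   * is either a name understood by group_param_from_string() or an integer
   * codepoint that fits in 16 bits — std::stoul is called with base 0, so
   * "0x..." hex and leading-zero octal are accepted as well as decimal.
   * Tokens that are neither are skipped silently. Note that a numeric
   * codepoint is not checked here against the groups this build actually
   * implements; presumably that happens later in the handshake code.
   *
   * Returns the parsed list, or Policy::key_exchange_groups() when neither
   * key is set.
   */
   std::string group_str = get_str("key_exchange_groups");

   if(group_str.empty())
      {
      // fall back to previously used name
      group_str = get_str("groups");
      }

   if(group_str.empty())
      {
      // NOTE(review): this return (line 120 of the original listing) was
      // dropped by the doc renderer; restored from the "References" list,
      // which names Policy::key_exchange_groups().
      return Policy::key_exchange_groups();
      }

   const std::vector<std::string> tokens = split_on(group_str, ' ');

   std::vector<Group_Params> groups;
   groups.reserve(tokens.size());

   // bind by reference: the original loop copied every token string
   for(const std::string& group_name : tokens)
      {
      Group_Params group_id = group_param_from_string(group_name);

      if(group_id == Group_Params::NONE)
         {
         // not a known name — try it as a raw 16-bit codepoint
         try
            {
            size_t consumed = 0;
            const unsigned long ll_id = std::stoul(group_name, &consumed, 0);
            if(consumed != group_name.size())
               continue; // some other cruft

            const uint16_t id = static_cast<uint16_t>(ll_id);

            if(id != ll_id)
               continue; // integer too large

            group_id = static_cast<Group_Params>(id);
            }
         catch(const std::exception&)
            {
            // std::stoul throws std::invalid_argument / std::out_of_range
            // for non-numeric or oversized tokens; skip the token
            continue;
            }
         }

      if(group_id != Group_Params::NONE)
         groups.push_back(group_id);
      }

   return groups;
   }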
std::vector< std::string > split_on(const std::string &str, char delim)
Definition: parsing.cpp:144
virtual std::vector< Group_Params > key_exchange_groups() const
Definition: tls_policy.cpp:160
std::string get_str(const std::string &key, const std::string &def="") const
Group_Params group_param_from_string(const std::string &group_name)
Definition: tls_algos.cpp:124

◆ latest_supported_version()

Protocol_Version Botan::TLS::Policy::latest_supported_version ( bool  datagram) const
virtualinherited

Returns the most recent protocol version we are willing to use, for either TLS or DTLS depending on the datagram param. You shouldn't ever need to override this unless you want to allow a user to disable use of TLS v1.2 (which is not recommended).

Definition at line 291 of file tls_policy.cpp.

References Botan::TLS::Policy::allow_dtls10(), Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_tls10(), Botan::TLS::Policy::allow_tls11(), Botan::TLS::Policy::allow_tls12(), Botan::TLS::Protocol_Version::DTLS_V10, Botan::TLS::Protocol_Version::DTLS_V12, Botan::TLS::Protocol_Version::TLS_V10, Botan::TLS::Protocol_Version::TLS_V11, and Botan::TLS::Protocol_Version::TLS_V12.

Referenced by Botan::TLS::Policy::send_fallback_scsv().

Protocol_Version Botan::TLS::Policy::latest_supported_version(bool datagram) const
   {
   /*
   * Newest version the policy permits, checked newest-first so a policy that
   * disables v1.2 falls back to the older versions it still allows. Throws
   * Invalid_State when every version of the requested family is disabled.
   *
   * NOTE(review): the doc renderer dropped the five return lines (296, 298,
   * 304, 306, 308 of the original listing); they are restored here from the
   * "References" list above, which names the five Protocol_Version values.
   */
   if(datagram)
      {
      if(allow_dtls12())
         return Protocol_Version::DTLS_V12;
      if(allow_dtls10())
         return Protocol_Version::DTLS_V10;
      throw Invalid_State("Policy forbids all available DTLS version");
      }

   if(allow_tls12())
      return Protocol_Version::TLS_V12;
   if(allow_tls11())
      return Protocol_Version::TLS_V11;
   if(allow_tls10())
      return Protocol_Version::TLS_V10;
   throw Invalid_State("Policy forbids all available TLS version");
   }
virtual bool allow_tls11() const
Definition: tls_policy.cpp:323
virtual bool allow_dtls10() const
Definition: tls_policy.cpp:325
virtual bool allow_tls12() const
Definition: tls_policy.cpp:324
virtual bool allow_dtls12() const
Definition: tls_policy.cpp:326
virtual bool allow_tls10() const
Definition: tls_policy.cpp:322

◆ minimum_dh_group_size()

size_t Botan::TLS::Text_Policy::minimum_dh_group_size ( ) const
overridevirtual

Return the minimum DH group size we're willing to use. The default is currently 1024 (insecure); it should be 2048.

Reimplemented from Botan::TLS::Policy.

Definition at line 167 of file tls_text_policy.cpp.

References get_len(), and Botan::TLS::Policy::minimum_dh_group_size().

size_t Botan::TLS::Text_Policy::minimum_dh_group_size() const
   {
   /*
   * Text key "minimum_dh_group_size" (bits), falling back to the inherited
   * Policy default. A text policy can lower this floor below the default as
   * easily as raise it; get_len() does no range checking that is visible
   * on this page.
   */
   const size_t inherited_default = Policy::minimum_dh_group_size();
   return get_len("minimum_dh_group_size", inherited_default);
   }
virtual size_t minimum_dh_group_size() const
Definition: tls_policy.cpp:184
size_t get_len(const std::string &key, size_t def) const

◆ minimum_dsa_group_size()

size_t Botan::TLS::Policy::minimum_dsa_group_size ( ) const
virtualinherited

Minimum DSA group size, default 2048 bits

Reimplemented in Botan::TLS::BSI_TR_02102_2.

Definition at line 223 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable().

size_t Botan::TLS::Policy::minimum_dsa_group_size() const
   {
   // Smallest DSA group size (bits) accepted for a peer key, per FIPS 186-3.
   // Used by check_peer_key_acceptable(); BSI_TR_02102_2 overrides it.
   const size_t fips_186_3_minimum_bits = 2048;
   return fips_186_3_minimum_bits;
   }

◆ minimum_ecdh_group_size()

size_t Botan::TLS::Text_Policy::minimum_ecdh_group_size ( ) const
overridevirtual

Return the minimum ECDH group size we're willing to use for key exchange

Default 255, allowing x25519 and larger. x25519 is the smallest curve we will negotiate; P-521 is the largest.

Reimplemented from Botan::TLS::Policy.

Definition at line 157 of file tls_text_policy.cpp.

References get_len(), and Botan::TLS::Policy::minimum_ecdh_group_size().

size_t Botan::TLS::Text_Policy::minimum_ecdh_group_size() const
   {
   /*
   * Text key "minimum_ecdh_group_size" (bits), falling back to the inherited
   * Policy default (255 per the description above, i.e. x25519 and up).
   */
   const size_t inherited_default = Policy::minimum_ecdh_group_size();
   return get_len("minimum_ecdh_group_size", inherited_default);
   }
virtual size_t minimum_ecdh_group_size() const
Definition: tls_policy.cpp:195
size_t get_len(const std::string &key, size_t def) const

◆ minimum_ecdsa_group_size()

size_t Botan::TLS::Text_Policy::minimum_ecdsa_group_size ( ) const
overridevirtual

For ECDSA authenticated ciphersuites, the smallest key size the client will accept. This policy is currently only enforced by the client, against the server's key.

Reimplemented from Botan::TLS::Policy.

Definition at line 162 of file tls_text_policy.cpp.

References get_len(), and Botan::TLS::Policy::minimum_ecdsa_group_size().

size_t Botan::TLS::Text_Policy::minimum_ecdsa_group_size() const
   {
   /*
   * Text key "minimum_ecdsa_group_size" (bits), falling back to the inherited
   * Policy default. Per the description above this is only enforced on the
   * client side, against the server's ECDSA key.
   */
   const size_t inherited_default = Policy::minimum_ecdsa_group_size();
   return get_len("minimum_ecdsa_group_size", inherited_default);
   }
virtual size_t minimum_ecdsa_group_size() const
Definition: tls_policy.cpp:189
size_t get_len(const std::string &key, size_t def) const

◆ minimum_rsa_bits()

size_t Botan::TLS::Text_Policy::minimum_rsa_bits ( ) const
overridevirtual

Return the minimum bit size we're willing to accept for RSA key exchange or server signatures.

It does not place any requirements on the size of any RSA signature(s) which were used to check the server certificate. This is only concerned with the server's public key.

Default is 2048 which is smallest RSA key size still secure for medium term security.

Reimplemented from Botan::TLS::Policy.

Definition at line 172 of file tls_text_policy.cpp.

References get_len(), and Botan::TLS::Policy::minimum_rsa_bits().

size_t Botan::TLS::Text_Policy::minimum_rsa_bits() const
   {
   /*
   * Text key "minimum_rsa_bits", falling back to the inherited Policy
   * default (2048 per the description above). Applies to the server's own
   * RSA key for key exchange / signatures, not to the signatures on its
   * certificate chain.
   */
   const size_t inherited_default = Policy::minimum_rsa_bits();
   return get_len("minimum_rsa_bits", inherited_default);
   }
virtual size_t minimum_rsa_bits() const
Definition: tls_policy.cpp:211
size_t get_len(const std::string &key, size_t def) const

◆ minimum_signature_strength()

size_t Botan::TLS::Text_Policy::minimum_signature_strength ( ) const
overridevirtual

The minimum signature strength we will accept. Returning 80 allows RSA 1024 and SHA-1; values larger than 80 disable SHA-1 support. Returning 110 allows RSA 2048. Return 128 to force ECC (P-256) or large (~3000 bit) RSA keys. Default is 110.

Reimplemented from Botan::TLS::Policy.

Definition at line 177 of file tls_text_policy.cpp.

References get_len(), and Botan::TLS::Policy::minimum_signature_strength().

size_t Botan::TLS::Text_Policy::minimum_signature_strength() const
   {
   /*
   * Text key "minimum_signature_strength", falling back to the inherited
   * Policy default (110 per the description above). Values of 80 or below
   * re-enable SHA-1 and RSA-1024, so lowering this in a text policy weakens
   * signature checking.
   */
   const size_t inherited_default = Policy::minimum_signature_strength();
   return get_len("minimum_signature_strength", inherited_default);
   }
virtual size_t minimum_signature_strength() const
Definition: tls_policy.cpp:201
size_t get_len(const std::string &key, size_t def) const

◆ negotiate_encrypt_then_mac()

bool Botan::TLS::Text_Policy::negotiate_encrypt_then_mac ( ) const
overridevirtual

Indicates whether the encrypt-then-MAC extension should be negotiated (RFC 7366)

Reimplemented from Botan::TLS::Policy.

Definition at line 98 of file tls_text_policy.cpp.

References get_bool(), and Botan::TLS::Policy::negotiate_encrypt_then_mac().

bool Botan::TLS::Text_Policy::negotiate_encrypt_then_mac() const
   {
   // Text key "negotiate_encrypt_then_mac" (RFC 7366 extension), falling
   // back to the inherited Policy default.
   const bool inherited_default = Policy::negotiate_encrypt_then_mac();
   return get_bool("negotiate_encrypt_then_mac", inherited_default);
   }
virtual bool negotiate_encrypt_then_mac() const
Definition: tls_policy.cpp:330
bool get_bool(const std::string &key, bool def) const

◆ print()

void Botan::TLS::Policy::print ( std::ostream &  o) const
virtualinherited

Convert this policy to a printable format.

Parameters
o — the ostream to be printed to

Definition at line 539 of file tls_policy.cpp.

References Botan::TLS::Policy::allow_dtls10(), Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_insecure_renegotiation(), Botan::TLS::Policy::allow_server_initiated_renegotiation(), Botan::TLS::Policy::allow_tls10(), Botan::TLS::Policy::allow_tls11(), Botan::TLS::Policy::allow_tls12(), Botan::TLS::Policy::allowed_ciphers(), Botan::TLS::Policy::allowed_key_exchange_methods(), Botan::TLS::Policy::allowed_macs(), Botan::TLS::Policy::allowed_signature_hashes(), Botan::TLS::Policy::allowed_signature_methods(), Botan::TLS::Policy::hide_unknown_users(), Botan::TLS::Policy::include_time_in_hello_random(), Botan::TLS::Policy::key_exchange_groups(), Botan::TLS::Policy::minimum_dh_group_size(), Botan::TLS::Policy::minimum_ecdh_group_size(), Botan::TLS::Policy::minimum_rsa_bits(), Botan::TLS::Policy::minimum_signature_strength(), Botan::TLS::Policy::negotiate_encrypt_then_mac(), Botan::TLS::Policy::server_uses_own_ciphersuite_preferences(), Botan::TLS::Policy::session_ticket_lifetime(), and Botan::TLS::Policy::support_cert_status_message().

Referenced by Botan::TLS::Policy::to_string().

void Botan::TLS::Policy::print(std::ostream& o) const
   {
   /*
   * Writes the policy as one "name = value" line per setting (the size
   * settings visibly use that form; print_bool/print_vec are defined
   * elsewhere and presumably match). The names are the same keys
   * Text_Policy reads, e.g. "key_exchange_groups".
   *
   * NOTE(review): not every overridable setting is printed — for instance
   * minimum_ecdsa_group_size, require_cert_revocation_info,
   * use_ecc_point_compression and srtp_profiles (all overridden by
   * Text_Policy on this page) have no line here, so they would not survive
   * a to_string() round trip (the Text_Policy parser is not on this page;
   * confirm before relying on it).
   */
   const auto print_len = [&o](const char* label, size_t value)
      {
      o << label << value << '\n';
      };

   print_bool(o, "allow_tls10", allow_tls10());
   print_bool(o, "allow_tls11", allow_tls11());
   print_bool(o, "allow_tls12", allow_tls12());
   print_bool(o, "allow_dtls10", allow_dtls10());
   print_bool(o, "allow_dtls12", allow_dtls12());
   print_vec(o, "ciphers", allowed_ciphers());
   print_vec(o, "macs", allowed_macs());
   print_vec(o, "signature_hashes", allowed_signature_hashes());
   print_vec(o, "signature_methods", allowed_signature_methods());
   print_vec(o, "key_exchange_methods", allowed_key_exchange_methods());
   print_vec(o, "key_exchange_groups", key_exchange_groups());

   print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation());
   print_bool(o, "include_time_in_hello_random", include_time_in_hello_random());
   print_bool(o, "allow_server_initiated_renegotiation", allow_server_initiated_renegotiation());
   print_bool(o, "hide_unknown_users", hide_unknown_users());
   print_bool(o, "server_uses_own_ciphersuite_preferences", server_uses_own_ciphersuite_preferences());
   print_bool(o, "negotiate_encrypt_then_mac", negotiate_encrypt_then_mac());
   print_bool(o, "support_cert_status_message", support_cert_status_message());

   // uint32_t / size_t values print the same decimal digits through size_t
   print_len("session_ticket_lifetime = ", session_ticket_lifetime());
   print_len("minimum_dh_group_size = ", minimum_dh_group_size());
   print_len("minimum_ecdh_group_size = ", minimum_ecdh_group_size());
   print_len("minimum_rsa_bits = ", minimum_rsa_bits());
   print_len("minimum_signature_strength = ", minimum_signature_strength());
   }
virtual bool allow_tls11() const
Definition: tls_policy.cpp:323
virtual size_t minimum_ecdh_group_size() const
Definition: tls_policy.cpp:195
virtual bool allow_server_initiated_renegotiation() const
Definition: tls_policy.cpp:320
virtual size_t minimum_rsa_bits() const
Definition: tls_policy.cpp:211
virtual bool negotiate_encrypt_then_mac() const
Definition: tls_policy.cpp:330
virtual bool include_time_in_hello_random() const
Definition: tls_policy.cpp:327
virtual std::vector< std::string > allowed_ciphers() const
Definition: tls_policy.cpp:40
virtual std::vector< std::string > allowed_macs() const
Definition: tls_policy.cpp:75
virtual std::vector< std::string > allowed_signature_hashes() const
Definition: tls_policy.cpp:65
virtual size_t minimum_dh_group_size() const
Definition: tls_policy.cpp:184
virtual bool allow_insecure_renegotiation() const
Definition: tls_policy.cpp:321
virtual std::vector< Group_Params > key_exchange_groups() const
Definition: tls_policy.cpp:160
virtual std::vector< std::string > allowed_key_exchange_methods() const
Definition: tls_policy.cpp:90
virtual bool allow_dtls10() const
Definition: tls_policy.cpp:325
virtual bool support_cert_status_message() const
Definition: tls_policy.cpp:331
virtual size_t minimum_signature_strength() const
Definition: tls_policy.cpp:201
virtual bool allow_tls12() const
Definition: tls_policy.cpp:324
virtual bool allow_dtls12() const
Definition: tls_policy.cpp:326
virtual std::vector< std::string > allowed_signature_methods() const
Definition: tls_policy.cpp:104
virtual bool server_uses_own_ciphersuite_preferences() const
Definition: tls_policy.cpp:329
virtual bool hide_unknown_users() const
Definition: tls_policy.cpp:328
virtual uint32_t session_ticket_lifetime() const
Definition: tls_policy.cpp:266
virtual bool allow_tls10() const
Definition: tls_policy.cpp:322

◆ require_cert_revocation_info()

bool Botan::TLS::Text_Policy::require_cert_revocation_info ( ) const
overridevirtual

Return whether cert revocation info (CRL/OCSP) is required. If true, validation will fail unless a valid CRL or OCSP response was examined.

Reimplemented from Botan::TLS::Policy.

Definition at line 197 of file tls_text_policy.cpp.

References get_bool(), and Botan::TLS::Policy::require_cert_revocation_info().

bool Botan::TLS::Text_Policy::require_cert_revocation_info() const
   {
   // Text key "require_cert_revocation_info", falling back to the inherited
   // Policy default. When true, path validation fails unless a valid CRL or
   // OCSP response was examined (see the description above).
   const bool inherited_default = Policy::require_cert_revocation_info();
   return get_bool("require_cert_revocation_info", inherited_default);
   }
virtual bool require_cert_revocation_info() const
Definition: tls_policy.cpp:206
bool get_bool(const std::string &key, bool def) const

◆ send_fallback_scsv()

bool Botan::TLS::Text_Policy::send_fallback_scsv ( Protocol_Version  version) const
overridevirtual

When offering this version, should we send a fallback SCSV? The default returns true iff version is not the latest version the policy allows; this exists to allow an override in case of interop problems.

Reimplemented from Botan::TLS::Policy.

Definition at line 212 of file tls_text_policy.cpp.

References get_bool(), and Botan::TLS::Policy::send_fallback_scsv().

bool Botan::TLS::Text_Policy::send_fallback_scsv(Protocol_Version version) const
   {
   /*
   * The fallback SCSV is only sent when the text key "send_fallback_scsv" is
   * explicitly true. Note the default passed to get_bool() is false, so a
   * text policy does NOT inherit the base class's "true iff not the latest
   * allowed version" behaviour described above unless the key is set. Once
   * enabled, the per-version decision is still the base class's.
   */
   const bool enabled = get_bool("send_fallback_scsv", false);

   if(!enabled)
      return false;

   return Policy::send_fallback_scsv(version);
   }
bool get_bool(const std::string &key, bool def) const
virtual bool send_fallback_scsv(Protocol_Version version) const
Definition: tls_policy.cpp:271

◆ server_uses_own_ciphersuite_preferences()

bool Botan::TLS::Text_Policy::server_uses_own_ciphersuite_preferences ( ) const
overridevirtual
Returns
true if servers should choose the ciphersuite matching their highest preference, rather than the client's. Has no effect on the client side.

Reimplemented from Botan::TLS::Policy.

Definition at line 93 of file tls_text_policy.cpp.

References get_bool(), and Botan::TLS::Policy::server_uses_own_ciphersuite_preferences().

bool Botan::TLS::Text_Policy::server_uses_own_ciphersuite_preferences() const
   {
   // Text key "server_uses_own_ciphersuite_preferences", falling back to the
   // inherited Policy default. Server-side only (see the description above).
   const bool inherited_default = Policy::server_uses_own_ciphersuite_preferences();
   return get_bool("server_uses_own_ciphersuite_preferences", inherited_default);
   }
bool get_bool(const std::string &key, bool def) const
virtual bool server_uses_own_ciphersuite_preferences() const
Definition: tls_policy.cpp:329

◆ session_ticket_lifetime()

uint32_t Botan::TLS::Text_Policy::session_ticket_lifetime ( ) const
overridevirtual

Return the allowed lifetime of a session ticket. If 0, session tickets do not expire until the session ticket key rolls over. Expired session tickets cannot be used to resume a session.

Reimplemented from Botan::TLS::Policy.

Definition at line 207 of file tls_text_policy.cpp.

References get_len(), and Botan::TLS::Policy::session_ticket_lifetime().

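uint32_t Botan::TLS::Text_Policy::session_ticket_lifetime() const
   {
   /*
   * Ticket lifetime from the text key "session_ticket_lifetime", falling
   * back to Policy::session_ticket_lifetime(). Per the description above,
   * 0 means tickets only expire when the ticket key rolls over, so a
   * configured value must never wrap to 0. get_len() returns a size_t; on
   * 64-bit targets the previous plain static_cast silently truncated values
   * above 32 bits (e.g. 2^32 became 0, i.e. "never expire"). Such values now
   * saturate to the largest representable lifetime instead.
   */
   const size_t configured = get_len("session_ticket_lifetime", Policy::session_ticket_lifetime());

   // same narrowing check as key_exchange_groups() uses for group ids
   const uint32_t narrowed = static_cast<uint32_t>(configured);
   if(narrowed != configured)
      return 0xFFFFFFFF; // out of range: saturate rather than wrap

   return narrowed;
   }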
virtual uint32_t session_ticket_lifetime() const
Definition: tls_policy.cpp:266
size_t get_len(const std::string &key, size_t def) const

◆ set()

void Botan::TLS::Text_Policy::set ( const std::string &  k,
const std::string &  v 
)

Definition at line 227 of file tls_text_policy.cpp.

void Botan::TLS::Text_Policy::set(const std::string& k, const std::string& v)
   {
   // Public setter: always stores v under k, replacing any existing value
   // (unlike the protected set_value(), which takes an overwrite flag).
   auto& slot = m_kv[k];
   slot = v;
   }

◆ set_value()

bool Botan::TLS::Text_Policy::set_value ( const std::string &  key,
const std::string &  val,
bool  overwrite 
)
protected

Definition at line 301 of file tls_text_policy.cpp.

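bool Botan::TLS::Text_Policy::set_value(const std::string& key, const std::string& val, bool overwrite)
   {
   /*
   * Stores val under key in m_kv.
   *
   * Returns false (and changes nothing) when the key already exists and
   * overwrite is false; otherwise stores the value and returns true.
   *
   * Fix: the original used m_kv.insert(hint, pair) unconditionally, and
   * std::map::insert never replaces an existing element — so with
   * overwrite == true and an existing key it returned true while leaving
   * the old value in place. Existing keys are now assigned explicitly.
   */
   auto i = m_kv.find(key);

   if(i != m_kv.end())
      {
      if(!overwrite)
         return false;

      i->second = val;
      return true;
      }

   // key absent: i == end(), which is a valid insertion hint
   m_kv.insert(i, std::make_pair(key, val));
   return true;
   }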

◆ srtp_profiles()

std::vector< uint16_t > Botan::TLS::Text_Policy::srtp_profiles ( ) const
overridevirtual

If this returns a non-empty vector, and DTLS is negotiated, then we will also attempt to negotiate the SRTP extension from RFC 5764 using the returned values as the profile ids.

Reimplemented from Botan::TLS::Policy.

Definition at line 217 of file tls_text_policy.cpp.

References get_list(), and Botan::to_uint16().

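std::vector<uint16_t> Botan::TLS::Text_Policy::srtp_profiles() const
   {
   /*
   * SRTP profile ids (RFC 5764) from the text key "srtp_profiles". An absent
   * key yields an empty vector, which per the description above means the
   * extension is not negotiated. Each entry is converted with to_uint16();
   * that helper (parsing.cpp, not on this page) presumably throws on values
   * that do not fit, so a malformed entry propagates as an exception rather
   * than being dropped — confirm before relying on it.
   */
   const std::vector<std::string> entries = get_list("srtp_profiles", std::vector<std::string>());

   std::vector<uint16_t> profiles;
   profiles.reserve(entries.size());

   // bind by reference: the original loop copied every entry string
   for(const std::string& entry : entries)
      {
      profiles.push_back(to_uint16(entry));
      }

   return profiles;
   }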
uint16_t to_uint16(const std::string &str)
Definition: parsing.cpp:21
std::vector< std::string > get_list(const std::string &key, const std::vector< std::string > &def) const

◆ support_cert_status_message()

bool Botan::TLS::Text_Policy::support_cert_status_message ( ) const
overridevirtual

Indicates whether certificate status messages should be supported

Reimplemented from Botan::TLS::Policy.

Definition at line 103 of file tls_text_policy.cpp.

References get_bool(), and Botan::TLS::Policy::support_cert_status_message().

bool Botan::TLS::Text_Policy::support_cert_status_message() const
   {
   // Text key "support_cert_status_message", falling back to the inherited
   // Policy default.
   const bool inherited_default = Policy::support_cert_status_message();
   return get_bool("support_cert_status_message", inherited_default);
   }
bool get_bool(const std::string &key, bool def) const
virtual bool support_cert_status_message() const
Definition: tls_policy.cpp:331

◆ to_string()

std::string Botan::TLS::Policy::to_string ( ) const
inherited

Convert this policy to a printable format. Same as calling print on an ostringstream and reading o.str().

Definition at line 567 of file tls_policy.cpp.

References Botan::TLS::Policy::print().

std::string Botan::TLS::Policy::to_string() const
   {
   // Same output as print(), captured into a string.
   std::ostringstream out;
   print(out);
   return out.str();
   }
virtual void print(std::ostream &o) const
Definition: tls_policy.cpp:539

◆ use_ecc_point_compression()

bool Botan::TLS::Text_Policy::use_ecc_point_compression ( ) const
overridevirtual

Request that ECC curve points are sent compressed

Reimplemented from Botan::TLS::Policy.

Definition at line 43 of file tls_text_policy.cpp.

References get_bool(), and Botan::TLS::Policy::use_ecc_point_compression().

bool Botan::TLS::Text_Policy::use_ecc_point_compression() const
   {
   // Text key "use_ecc_point_compression", falling back to the inherited
   // Policy default. Controls whether we ask for compressed ECC points.
   const bool inherited_default = Policy::use_ecc_point_compression();
   return get_bool("use_ecc_point_compression", inherited_default);
   }
virtual bool use_ecc_point_compression() const
Definition: tls_policy.cpp:125
bool get_bool(const std::string &key, bool def) const
