11#include <botan/tls_policy.h>
13#include <botan/pk_keys.h>
14#include <botan/tls_algos.h>
15#include <botan/tls_ciphersuite.h>
16#include <botan/tls_exceptn.h>
17#include <botan/internal/os_utils.h>
18#include <botan/internal/stl_util.h>
29 std::vector<Signature_Scheme> schemes;
35 if(sig_allowed && hash_allowed) {
36 schemes.push_back(scheme);
124 const std::vector<Group_Params>& offered_by_peer)
const {
125 if(supported_by_peer.empty()) {
126 return Group_Params::NONE;
133 for(
auto g : offered_by_peer) {
141 for(
auto g : our_groups) {
147 return Group_Params::NONE;
155 if(g.is_dh_named_group()) {
160 return Group_Params::FFDHE_2048;
166#if defined(BOTAN_HAS_X25519)
167 Group_Params::X25519,
169#if defined(BOTAN_HAS_X448)
173 Group_Params::SECP256R1, Group_Params::BRAINPOOL256R1, Group_Params::SECP384R1, Group_Params::BRAINPOOL384R1,
174 Group_Params::SECP521R1, Group_Params::BRAINPOOL512R1,
176 Group_Params::FFDHE_2048, Group_Params::FFDHE_3072, Group_Params::FFDHE_4096, Group_Params::FFDHE_6144,
177 Group_Params::FFDHE_8192,
183 std::vector<Group_Params> groups_to_offer;
185 if(!supported_groups.empty()) {
186 groups_to_offer.push_back(supported_groups.front());
188 return groups_to_offer;
225 const std::string algo_name = public_key.
algo_name();
227 const size_t keylength = public_key.
key_length();
228 size_t expected_keylength = 0;
230 if(algo_name ==
"RSA") {
232 }
else if(algo_name ==
"DH") {
234 }
else if(algo_name ==
"ECDH" || algo_name ==
"X25519" || algo_name ==
"X448") {
236 }
else if(algo_name ==
"ECDSA") {
241 if(keylength < expected_keylength) {
243 "Peer sent " + std::to_string(keylength) +
" bit " + algo_name +
245 ", policy requires at least " +
246 std::to_string(expected_keylength));
255 return std::chrono::days(1);
267#if defined(BOTAN_HAS_TLS_13)
268 if(version == Protocol_Version::TLS_V13 &&
allow_tls13()) {
273#if defined(BOTAN_HAS_TLS_12)
274 if(version == Protocol_Version::TLS_V12 &&
allow_tls12()) {
278 if(version == Protocol_Version::DTLS_V12 &&
allow_dtls12()) {
289 return Protocol_Version::DTLS_V12;
291 throw Invalid_State(
"Policy forbids all available DTLS version");
293#if defined(BOTAN_HAS_TLS_13)
295 return Protocol_Version::TLS_V13;
299 return Protocol_Version::TLS_V12;
301 throw Invalid_State(
"Policy forbids all available TLS version");
323#if defined(BOTAN_HAS_TLS_12)
331#if defined(BOTAN_HAS_TLS_13)
339#if defined(BOTAN_HAS_TLS_12)
425 return 1280 - 40 - 8;
429 return std::vector<uint16_t>();
434class Ciphersuite_Preference_Ordering
final {
436 Ciphersuite_Preference_Ordering(
const std::vector<std::string>& ciphers,
437 const std::vector<std::string>& macs,
438 const std::vector<std::string>& kex,
439 const std::vector<std::string>& sigs) :
440 m_ciphers(ciphers), m_macs(macs), m_kex(kex), m_sigs(sigs) {}
442 bool operator()(
const Ciphersuite& a,
const Ciphersuite& b)
const {
443 if(a.kex_method() != b.kex_method()) {
444 for(
const auto& i : m_kex) {
445 if(a.kex_algo() == i) {
448 if(b.kex_algo() == i) {
454 if(a.cipher_algo() != b.cipher_algo()) {
455 for(
const auto& m_cipher : m_ciphers) {
456 if(a.cipher_algo() == m_cipher) {
459 if(b.cipher_algo() == m_cipher) {
465 if(a.cipher_keylen() != b.cipher_keylen()) {
466 if(a.cipher_keylen() < b.cipher_keylen()) {
469 if(a.cipher_keylen() > b.cipher_keylen()) {
474 if(a.auth_method() != b.auth_method()) {
475 for(
const auto& m_sig : m_sigs) {
476 if(a.sig_algo() == m_sig) {
479 if(b.sig_algo() == m_sig) {
485 if(a.mac_algo() != b.mac_algo()) {
486 for(
const auto& m_mac : m_macs) {
487 if(a.mac_algo() == m_mac) {
490 if(b.mac_algo() == m_mac) {
500 std::vector<std::string> m_ciphers, m_macs, m_kex, m_sigs;
511 std::vector<Ciphersuite> ciphersuites;
520 if(!suite.usable_in_version(version)) {
553 ciphersuites.push_back(suite);
556 if(ciphersuites.empty()) {
557 throw Invalid_State(
"Policy does not allow any available cipher suite");
560 Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs);
561 std::sort(ciphersuites.begin(), ciphersuites.end(), order);
563 std::vector<uint16_t> ciphersuite_codes;
564 ciphersuite_codes.reserve(ciphersuites.size());
565 for(
auto i : ciphersuites) {
566 ciphersuite_codes.push_back(i.ciphersuite_code());
568 return ciphersuite_codes;
573void print_vec(std::ostream& o,
const char* key,
const std::vector<std::string>& v) {
575 for(
size_t i = 0; i != v.size(); ++i) {
577 if(i != v.size() - 1) {
584void print_vec(std::ostream& o,
const char* key,
const std::vector<Group_Params>& params) {
586 std::vector<std::string> names;
587 for(
auto p : params) {
588 if(
auto name = p.to_string()) {
589 names.push_back(
name.value());
595 for(
size_t i = 0; i != names.size(); ++i) {
597 if(i != names.size() - 1) {
604void print_vec(std::ostream& o,
const char* key,
const std::vector<Certificate_Type>& types) {
606 for(
size_t i = 0; i != types.size(); ++i) {
608 if(i != types.size() - 1) {
615void print_bool(std::ostream& o,
const char* key,
bool b) {
616 o << key <<
" = " << (b ?
"true" :
"false") <<
'\n';
633 if(groups_to_offer.empty()) {
634 print_vec(o,
"key_exchange_groups_to_offer", {std::string(
"none")});
636 print_vec(o,
"key_exchange_groups_to_offer", groups_to_offer);
663 std::ostringstream oss;
669 return {
"ChaCha20Poly1305",
"AES-256/GCM",
"AES-128/GCM"};
673 return {
"SHA-512",
"SHA-384"};
virtual std::string algo_name() const =0
virtual size_t key_length() const =0
static const std::vector< Ciphersuite > & all_known_ciphersuites()
std::string mac_algo() const
std::string cipher_algo() const
virtual bool include_time_in_hello_random() const
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
virtual bool abort_connection_on_undesired_renegotiation() const
virtual size_t dtls_maximum_timeout() const
virtual size_t minimum_ecdh_group_size() const
virtual size_t dtls_default_mtu() const
virtual bool allow_tls12() const
virtual std::vector< Signature_Scheme > allowed_signature_schemes() const
std::string to_string() const
virtual bool reuse_session_tickets() const
virtual std::vector< uint16_t > ciphersuite_list(Protocol_Version version) const
virtual std::vector< Certificate_Type > accepted_server_certificate_types() const
virtual std::vector< Certificate_Type > accepted_client_certificate_types() const
bool allowed_signature_method(std::string_view sig_method) const
virtual bool require_client_certificate_authentication() const
virtual std::vector< Group_Params > key_exchange_groups() const
virtual size_t new_session_tickets_upon_handshake_success() const
virtual std::vector< Group_Params > key_exchange_groups_to_offer() const
bool allowed_signature_hash(std::string_view hash) const
virtual size_t minimum_rsa_bits() const
virtual bool tls_13_middlebox_compatibility_mode() const
virtual bool only_resume_with_exact_version() const
virtual bool allow_client_initiated_renegotiation() const
virtual bool allow_ssl_key_log_file() const
virtual bool allow_dtls_epoch0_restart() const
virtual bool request_client_certificate_authentication() const
virtual bool require_cert_revocation_info() const
virtual bool negotiate_encrypt_then_mac() const
virtual bool server_uses_own_ciphersuite_preferences() const
virtual Protocol_Version latest_supported_version(bool datagram) const
virtual bool acceptable_protocol_version(Protocol_Version version) const
virtual std::vector< uint16_t > srtp_profiles() const
virtual bool support_cert_status_message() const
virtual bool acceptable_ciphersuite(const Ciphersuite &suite) const
virtual std::vector< std::string > allowed_macs() const
virtual bool hide_unknown_users() const
virtual std::optional< std::vector< Signature_Scheme > > acceptable_certificate_signature_schemes() const
virtual bool hash_hello_random() const
virtual bool allow_tls13() const
virtual std::vector< std::string > allowed_key_exchange_methods() const
virtual size_t dtls_initial_timeout() const
virtual size_t maximum_session_tickets_per_client_hello() const
virtual std::vector< Signature_Scheme > acceptable_signature_schemes() const
virtual bool use_ecc_point_compression() const
virtual bool allow_dtls12() const
virtual size_t minimum_dh_group_size() const
virtual bool allow_insecure_renegotiation() const
virtual std::optional< uint16_t > record_size_limit() const
virtual std::vector< std::string > allowed_ciphers() const
virtual std::chrono::seconds session_ticket_lifetime() const
virtual size_t minimum_signature_strength() const
virtual Group_Params default_dh_group() const
virtual size_t maximum_certificate_chain_size() const
virtual std::vector< std::string > allowed_signature_methods() const
virtual size_t minimum_ecdsa_group_size() const
virtual Group_Params choose_key_exchange_group(const std::vector< Group_Params > &supported_by_peer, const std::vector< Group_Params > &offered_by_peer) const
virtual bool allow_resumption_for_renegotiation() const
virtual std::vector< std::string > allowed_signature_hashes() const
virtual bool allow_server_initiated_renegotiation() const
virtual void print(std::ostream &o) const
bool is_pre_tls_13() const
static const std::vector< Signature_Scheme > & all_available_schemes()
std::vector< std::string > allowed_macs() const override
std::vector< std::string > allowed_ciphers() const override
std::vector< std::string > allowed_key_exchange_methods() const override
std::vector< std::string > allowed_signature_hashes() const override
int(* final)(unsigned char *, CTX *)
std::string certificate_type_to_string(Certificate_Type type)
bool value_exists(const std::vector< T > &vec, const OT &val)