11#include <botan/tls_policy.h>
13#include <botan/pk_keys.h>
14#include <botan/tls_algos.h>
15#include <botan/tls_ciphersuite.h>
16#include <botan/tls_exceptn.h>
17#include <botan/internal/stl_util.h>
24 std::vector<Signature_Scheme> schemes;
30 if(sig_allowed && hash_allowed) {
31 schemes.push_back(scheme);
119 const std::vector<Group_Params>& offered_by_peer)
const {
120 if(supported_by_peer.empty()) {
121 return Group_Params::NONE;
128 for(
auto g : offered_by_peer) {
136 for(
auto g : our_groups) {
142 return Group_Params::NONE;
150 if(g.is_dh_named_group()) {
155 return Group_Params::FFDHE_2048;
161#if defined(BOTAN_HAS_CURVE_25519)
162 Group_Params::X25519,
164#if defined(BOTAN_HAS_X448)
168 Group_Params::SECP256R1, Group_Params::BRAINPOOL256R1, Group_Params::SECP384R1, Group_Params::BRAINPOOL384R1,
169 Group_Params::SECP521R1, Group_Params::BRAINPOOL512R1,
171 Group_Params::FFDHE_2048, Group_Params::FFDHE_3072, Group_Params::FFDHE_4096, Group_Params::FFDHE_6144,
172 Group_Params::FFDHE_8192,
178 std::vector<Group_Params> groups_to_offer;
180 if(!supported_groups.empty()) {
181 groups_to_offer.push_back(supported_groups.front());
183 return groups_to_offer;
220 const std::string algo_name = public_key.
algo_name();
222 const size_t keylength = public_key.
key_length();
223 size_t expected_keylength = 0;
225 if(algo_name ==
"RSA") {
227 }
else if(algo_name ==
"DH") {
229 }
else if(algo_name ==
"ECDH" || algo_name ==
"Curve25519" || algo_name ==
"X448") {
231 }
else if(algo_name ==
"ECDSA") {
236 if(keylength < expected_keylength) {
238 "Peer sent " + std::to_string(keylength) +
" bit " + algo_name +
240 ", policy requires at least " +
241 std::to_string(expected_keylength));
250 return std::chrono::days(1);
262#if defined(BOTAN_HAS_TLS_13)
263 if(version == Protocol_Version::TLS_V13 &&
allow_tls13()) {
268#if defined(BOTAN_HAS_TLS_12)
269 if(version == Protocol_Version::TLS_V12 &&
allow_tls12()) {
273 if(version == Protocol_Version::DTLS_V12 &&
allow_dtls12()) {
284 return Protocol_Version::DTLS_V12;
286 throw Invalid_State(
"Policy forbids all available DTLS version");
288#if defined(BOTAN_HAS_TLS_13)
290 return Protocol_Version::TLS_V13;
294 return Protocol_Version::TLS_V12;
296 throw Invalid_State(
"Policy forbids all available TLS version");
318#if defined(BOTAN_HAS_TLS_12)
326#if defined(BOTAN_HAS_TLS_13)
334#if defined(BOTAN_HAS_TLS_12)
420 return 1280 - 40 - 8;
424 return std::vector<uint16_t>();
429class Ciphersuite_Preference_Ordering
final {
431 Ciphersuite_Preference_Ordering(
const std::vector<std::string>& ciphers,
432 const std::vector<std::string>& macs,
433 const std::vector<std::string>& kex,
434 const std::vector<std::string>& sigs) :
435 m_ciphers(ciphers), m_macs(macs), m_kex(kex), m_sigs(sigs) {}
437 bool operator()(
const Ciphersuite& a,
const Ciphersuite& b)
const {
438 if(a.kex_method() != b.kex_method()) {
439 for(
const auto& i : m_kex) {
440 if(a.kex_algo() == i) {
443 if(b.kex_algo() == i) {
449 if(a.cipher_algo() != b.cipher_algo()) {
450 for(
const auto& m_cipher : m_ciphers) {
451 if(a.cipher_algo() == m_cipher) {
454 if(b.cipher_algo() == m_cipher) {
460 if(a.cipher_keylen() != b.cipher_keylen()) {
461 if(a.cipher_keylen() < b.cipher_keylen()) {
464 if(a.cipher_keylen() > b.cipher_keylen()) {
469 if(a.auth_method() != b.auth_method()) {
470 for(
const auto& m_sig : m_sigs) {
471 if(a.sig_algo() == m_sig) {
474 if(b.sig_algo() == m_sig) {
480 if(a.mac_algo() != b.mac_algo()) {
481 for(
const auto& m_mac : m_macs) {
482 if(a.mac_algo() == m_mac) {
485 if(b.mac_algo() == m_mac) {
495 std::vector<std::string> m_ciphers, m_macs, m_kex, m_sigs;
506 std::vector<Ciphersuite> ciphersuites;
515 if(!suite.usable_in_version(version)) {
548 ciphersuites.push_back(suite);
551 if(ciphersuites.empty()) {
552 throw Invalid_State(
"Policy does not allow any available cipher suite");
555 Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs);
556 std::sort(ciphersuites.begin(), ciphersuites.end(), order);
558 std::vector<uint16_t> ciphersuite_codes;
559 ciphersuite_codes.reserve(ciphersuites.size());
560 for(
auto i : ciphersuites) {
561 ciphersuite_codes.push_back(i.ciphersuite_code());
563 return ciphersuite_codes;
568void print_vec(std::ostream& o,
const char* key,
const std::vector<std::string>& v) {
570 for(
size_t i = 0; i != v.size(); ++i) {
572 if(i != v.size() - 1) {
579void print_vec(std::ostream& o,
const char* key,
const std::vector<Group_Params>& params) {
581 std::vector<std::string> names;
582 for(
auto p : params) {
583 if(
auto name = p.to_string()) {
584 names.push_back(
name.value());
590 for(
size_t i = 0; i != names.size(); ++i) {
592 if(i != names.size() - 1) {
599void print_vec(std::ostream& o,
const char* key,
const std::vector<Certificate_Type>& types) {
601 for(
size_t i = 0; i != types.size(); ++i) {
603 if(i != types.size() - 1) {
610void print_bool(std::ostream& o,
const char* key,
bool b) {
611 o << key <<
" = " << (b ?
"true" :
"false") <<
'\n';
627 if(groups_to_offer.empty()) {
628 print_vec(o,
"key_exchange_groups_to_offer", {std::string(
"none")});
630 print_vec(o,
"key_exchange_groups_to_offer", groups_to_offer);
657 std::ostringstream oss;
663 return {
"ChaCha20Poly1305",
"AES-256/GCM",
"AES-128/GCM"};
667 return {
"SHA-512",
"SHA-384"};
virtual std::string algo_name() const =0
virtual size_t key_length() const =0
static const std::vector< Ciphersuite > & all_known_ciphersuites()
std::string mac_algo() const
std::string cipher_algo() const
virtual bool include_time_in_hello_random() const
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
virtual bool abort_connection_on_undesired_renegotiation() const
virtual size_t dtls_maximum_timeout() const
virtual size_t minimum_ecdh_group_size() const
virtual size_t dtls_default_mtu() const
virtual bool allow_tls12() const
virtual std::vector< Signature_Scheme > allowed_signature_schemes() const
std::string to_string() const
virtual bool reuse_session_tickets() const
virtual std::vector< uint16_t > ciphersuite_list(Protocol_Version version) const
virtual std::vector< Certificate_Type > accepted_server_certificate_types() const
virtual std::vector< Certificate_Type > accepted_client_certificate_types() const
bool allowed_signature_method(std::string_view sig_method) const
virtual bool require_client_certificate_authentication() const
virtual std::vector< Group_Params > key_exchange_groups() const
virtual size_t new_session_tickets_upon_handshake_success() const
virtual std::vector< Group_Params > key_exchange_groups_to_offer() const
bool allowed_signature_hash(std::string_view hash) const
virtual size_t minimum_rsa_bits() const
virtual bool tls_13_middlebox_compatibility_mode() const
virtual bool only_resume_with_exact_version() const
virtual bool allow_client_initiated_renegotiation() const
virtual bool allow_dtls_epoch0_restart() const
virtual bool request_client_certificate_authentication() const
virtual bool require_cert_revocation_info() const
virtual bool negotiate_encrypt_then_mac() const
virtual bool server_uses_own_ciphersuite_preferences() const
virtual Protocol_Version latest_supported_version(bool datagram) const
virtual bool acceptable_protocol_version(Protocol_Version version) const
virtual std::vector< uint16_t > srtp_profiles() const
virtual bool support_cert_status_message() const
virtual bool acceptable_ciphersuite(const Ciphersuite &suite) const
virtual std::vector< std::string > allowed_macs() const
virtual bool hide_unknown_users() const
virtual std::optional< std::vector< Signature_Scheme > > acceptable_certificate_signature_schemes() const
virtual bool hash_hello_random() const
virtual bool allow_tls13() const
virtual std::vector< std::string > allowed_key_exchange_methods() const
virtual size_t dtls_initial_timeout() const
virtual size_t maximum_session_tickets_per_client_hello() const
virtual std::vector< Signature_Scheme > acceptable_signature_schemes() const
virtual bool use_ecc_point_compression() const
virtual bool allow_dtls12() const
virtual size_t minimum_dh_group_size() const
virtual bool allow_insecure_renegotiation() const
virtual std::optional< uint16_t > record_size_limit() const
virtual std::vector< std::string > allowed_ciphers() const
virtual std::chrono::seconds session_ticket_lifetime() const
virtual size_t minimum_signature_strength() const
virtual Group_Params default_dh_group() const
virtual size_t maximum_certificate_chain_size() const
virtual std::vector< std::string > allowed_signature_methods() const
virtual size_t minimum_ecdsa_group_size() const
virtual Group_Params choose_key_exchange_group(const std::vector< Group_Params > &supported_by_peer, const std::vector< Group_Params > &offered_by_peer) const
virtual bool allow_resumption_for_renegotiation() const
virtual std::vector< std::string > allowed_signature_hashes() const
virtual bool allow_server_initiated_renegotiation() const
virtual void print(std::ostream &o) const
bool is_pre_tls_13() const
static const std::vector< Signature_Scheme > & all_available_schemes()
std::vector< std::string > allowed_macs() const override
std::vector< std::string > allowed_ciphers() const override
std::vector< std::string > allowed_key_exchange_methods() const override
std::vector< std::string > allowed_signature_hashes() const override
int(* final)(unsigned char *, CTX *)
std::string certificate_type_to_string(Certificate_Type type)
bool value_exists(const std::vector< T > &vec, const OT &val)