/*
* Text-Based TLS Policy
* (C) 2016,2017 Jack Lloyd
*     2017 Harry Reimann, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
8 
#include <botan/tls_policy.h>
#include <botan/exceptn.h>
#include <botan/parsing.h>
#include <sstream>
#include <stdexcept>
13 
14 namespace Botan {
15 
16 namespace TLS {
17 
// Cipher list from the "ciphers" key; an absent or empty key yields the
// base Policy's list unchanged.
std::vector<std::string> Text_Policy::allowed_ciphers() const
   {
   const std::vector<std::string> fallback = Policy::allowed_ciphers();
   return get_list("ciphers", fallback);
   }
22 
// Hash list from the "signature_hashes" key, falling back to the base
// Policy when the key is absent or empty.
std::vector<std::string> Text_Policy::allowed_signature_hashes() const
   {
   const std::vector<std::string> fallback = Policy::allowed_signature_hashes();
   return get_list("signature_hashes", fallback);
   }
27 
// MAC list from the "macs" key, falling back to the base Policy when the
// key is absent or empty.
std::vector<std::string> Text_Policy::allowed_macs() const
   {
   const std::vector<std::string> fallback = Policy::allowed_macs();
   return get_list("macs", fallback);
   }
32 
// Key exchange method list from the "key_exchange_methods" key, falling
// back to the base Policy when the key is absent or empty.
std::vector<std::string> Text_Policy::allowed_key_exchange_methods() const
   {
   const std::vector<std::string> fallback = Policy::allowed_key_exchange_methods();
   return get_list("key_exchange_methods", fallback);
   }
37 
// Signature method list from the "signature_methods" key, falling back to
// the base Policy when the key is absent or empty.
std::vector<std::string> Text_Policy::allowed_signature_methods() const
   {
   const std::vector<std::string> fallback = Policy::allowed_signature_methods();
   return get_list("signature_methods", fallback);
   }
42 
// Boolean knob "use_ecc_point_compression"; the base Policy decides when
// the key is absent or empty, any other non-boolean text throws.
bool Text_Policy::use_ecc_point_compression() const
   {
   const bool fallback = Policy::use_ecc_point_compression();
   return get_bool("use_ecc_point_compression", fallback);
   }
47 
// Boolean knob "allow_tls10"; the base Policy decides when the key is
// absent or empty.
bool Text_Policy::allow_tls10() const
   {
   const bool fallback = Policy::allow_tls10();
   return get_bool("allow_tls10", fallback);
   }
52 
// Boolean knob "allow_tls11"; the base Policy decides when the key is
// absent or empty.
bool Text_Policy::allow_tls11() const
   {
   const bool fallback = Policy::allow_tls11();
   return get_bool("allow_tls11", fallback);
   }
57 
// Boolean knob "allow_tls12"; the base Policy decides when the key is
// absent or empty.
bool Text_Policy::allow_tls12() const
   {
   const bool fallback = Policy::allow_tls12();
   return get_bool("allow_tls12", fallback);
   }
62 
// Boolean knob "allow_dtls10"; the base Policy decides when the key is
// absent or empty.
bool Text_Policy::allow_dtls10() const
   {
   const bool fallback = Policy::allow_dtls10();
   return get_bool("allow_dtls10", fallback);
   }
67 
// Boolean knob "allow_dtls12"; the base Policy decides when the key is
// absent or empty.
bool Text_Policy::allow_dtls12() const
   {
   const bool fallback = Policy::allow_dtls12();
   return get_bool("allow_dtls12", fallback);
   }
72 
// Boolean knob "allow_insecure_renegotiation"; the base Policy decides
// when the key is absent or empty. Only the literal strings accepted by
// get_bool can enable it, so a mistyped value fails loudly rather than
// loosening the policy.
bool Text_Policy::allow_insecure_renegotiation() const
   {
   const bool fallback = Policy::allow_insecure_renegotiation();
   return get_bool("allow_insecure_renegotiation", fallback);
   }
77 
// Boolean knob "include_time_in_hello_random"; the base Policy decides
// when the key is absent or empty.
bool Text_Policy::include_time_in_hello_random() const
   {
   const bool fallback = Policy::include_time_in_hello_random();
   return get_bool("include_time_in_hello_random", fallback);
   }
82 
// Boolean knob "allow_client_initiated_renegotiation"; the base Policy
// decides when the key is absent or empty.
bool Text_Policy::allow_client_initiated_renegotiation() const
   {
   const bool fallback = Policy::allow_client_initiated_renegotiation();
   return get_bool("allow_client_initiated_renegotiation", fallback);
   }
87 
// Boolean knob "allow_server_initiated_renegotiation"; the base Policy
// decides when the key is absent or empty.
bool Text_Policy::allow_server_initiated_renegotiation() const
   {
   const bool fallback = Policy::allow_server_initiated_renegotiation();
   return get_bool("allow_server_initiated_renegotiation", fallback);
   }
92 
// Boolean knob "server_uses_own_ciphersuite_preferences"; the base Policy
// decides when the key is absent or empty.
bool Text_Policy::server_uses_own_ciphersuite_preferences() const
   {
   const bool fallback = Policy::server_uses_own_ciphersuite_preferences();
   return get_bool("server_uses_own_ciphersuite_preferences", fallback);
   }
97 
// Boolean knob "negotiate_encrypt_then_mac"; the base Policy decides when
// the key is absent or empty.
bool Text_Policy::negotiate_encrypt_then_mac() const
   {
   const bool fallback = Policy::negotiate_encrypt_then_mac();
   return get_bool("negotiate_encrypt_then_mac", fallback);
   }
102 
// Boolean knob "support_cert_status_message"; the base Policy decides
// when the key is absent or empty.
bool Text_Policy::support_cert_status_message() const
   {
   const bool fallback = Policy::support_cert_status_message();
   return get_bool("support_cert_status_message", fallback);
   }
107 
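namespace {

/*
* Interpret a group token given as a raw codepoint rather than a name.
* std::stoul with base 0 accepts decimal, "0x" hex and leading-zero octal.
* Returns Group_Params::NONE when the token is not entirely numeric, does
* not fit in 16 bits, or cannot be parsed at all. Note that any value that
* fits in 16 bits is accepted as-is: this function does not check that the
* codepoint names a group the library actually implements.
*/
Group_Params parse_numeric_group(const std::string& group_name)
   {
   try
      {
      size_t consumed = 0;
      const unsigned long ll_id = std::stoul(group_name, &consumed, 0);

      if(consumed != group_name.size())
         return Group_Params::NONE; // trailing non-numeric cruft

      const uint16_t id = static_cast<uint16_t>(ll_id);

      if(id != ll_id)
         return Group_Params::NONE; // value does not fit a 16-bit codepoint

      return static_cast<Group_Params>(id);
      }
   catch(std::invalid_argument&)
      {
      return Group_Params::NONE; // no digits to convert
      }
   catch(std::out_of_range&)
      {
      return Group_Params::NONE; // outside the range of unsigned long
      }
   }

}

/*
* Key exchange groups from the "key_exchange_groups" key, with "groups" as
* the older spelling honoured when the new key is absent or empty. If both
* are empty the base Policy's list is used. Each space-separated token is
* first looked up by name and, failing that, parsed as a numeric codepoint;
* tokens that match neither are silently skipped rather than rejecting the
* whole policy, so a typo here shrinks the offered group list instead of
* failing loudly.
*/
std::vector<Group_Params> Text_Policy::key_exchange_groups() const
   {
   std::string group_str = get_str("key_exchange_groups");

   if(group_str.empty())
      {
      // fall back to previously used name
      group_str = get_str("groups");
      }

   if(group_str.empty())
      {
      return Policy::key_exchange_groups();
      }

   std::vector<Group_Params> groups;

   for(const std::string& group_name : split_on(group_str, ' '))
      {
      Group_Params group_id = group_param_from_string(group_name);

      if(group_id == Group_Params::NONE)
         {
         group_id = parse_numeric_group(group_name);
         }

      if(group_id != Group_Params::NONE)
         {
         groups.push_back(group_id);
         }
      }

   return groups;
   }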
156 
// Length knob "minimum_ecdh_group_size"; the base Policy decides when the
// key is absent or empty, non-numeric text is rejected by get_len.
size_t Text_Policy::minimum_ecdh_group_size() const
   {
   const size_t fallback = Policy::minimum_ecdh_group_size();
   return get_len("minimum_ecdh_group_size", fallback);
   }
161 
// Length knob "minimum_ecdsa_group_size"; the base Policy decides when the
// key is absent or empty.
size_t Text_Policy::minimum_ecdsa_group_size() const
   {
   const size_t fallback = Policy::minimum_ecdsa_group_size();
   return get_len("minimum_ecdsa_group_size", fallback);
   }
166 
// Length knob "minimum_dh_group_size"; the base Policy decides when the
// key is absent or empty.
size_t Text_Policy::minimum_dh_group_size() const
   {
   const size_t fallback = Policy::minimum_dh_group_size();
   return get_len("minimum_dh_group_size", fallback);
   }
171 
// Length knob "minimum_rsa_bits"; the base Policy decides when the key is
// absent or empty.
size_t Text_Policy::minimum_rsa_bits() const
   {
   const size_t fallback = Policy::minimum_rsa_bits();
   return get_len("minimum_rsa_bits", fallback);
   }
176 
// Length knob "minimum_signature_strength"; the base Policy decides when
// the key is absent or empty.
size_t Text_Policy::minimum_signature_strength() const
   {
   const size_t fallback = Policy::minimum_signature_strength();
   return get_len("minimum_signature_strength", fallback);
   }
181 
// Length knob "dtls_default_mtu"; the base Policy decides when the key is
// absent or empty.
size_t Text_Policy::dtls_default_mtu() const
   {
   const size_t fallback = Policy::dtls_default_mtu();
   return get_len("dtls_default_mtu", fallback);
   }
186 
// Length knob "dtls_initial_timeout"; the base Policy decides when the key
// is absent or empty.
size_t Text_Policy::dtls_initial_timeout() const
   {
   const size_t fallback = Policy::dtls_initial_timeout();
   return get_len("dtls_initial_timeout", fallback);
   }
191 
// Length knob "dtls_maximum_timeout"; the base Policy decides when the key
// is absent or empty.
size_t Text_Policy::dtls_maximum_timeout() const
   {
   const size_t fallback = Policy::dtls_maximum_timeout();
   return get_len("dtls_maximum_timeout", fallback);
   }
196 
// Boolean knob "require_cert_revocation_info"; the base Policy decides
// when the key is absent or empty.
bool Text_Policy::require_cert_revocation_info() const
   {
   const bool fallback = Policy::require_cert_revocation_info();
   return get_bool("require_cert_revocation_info", fallback);
   }
201 
// Boolean knob "hide_unknown_users"; the base Policy decides when the key
// is absent or empty.
bool Text_Policy::hide_unknown_users() const
   {
   const bool fallback = Policy::hide_unknown_users();
   return get_bool("hide_unknown_users", fallback);
   }
206 
// Length knob "session_ticket_lifetime" narrowed to the uint32_t the
// interface requires; the base Policy decides when the key is absent or
// empty.
uint32_t Text_Policy::session_ticket_lifetime() const
   {
   const size_t fallback = Policy::session_ticket_lifetime();
   const size_t lifetime = get_len("session_ticket_lifetime", fallback);
   return static_cast<uint32_t>(lifetime);
   }
211 
// The base Policy's per-version decision is only consulted when the text
// explicitly sets "send_fallback_scsv" to true; a missing or empty key
// means the SCSV is never sent.
bool Text_Policy::send_fallback_scsv(Protocol_Version version) const
   {
   const bool enabled = get_bool("send_fallback_scsv", false);

   if(!enabled)
      return false;

   return Policy::send_fallback_scsv(version);
   }
216 
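/*
* SRTP profile ids from the "srtp_profiles" key. There is no base Policy
* fallback: an absent or empty key yields an empty list. Each token is
* converted with to_uint16, which is expected to reject non-numeric or
* out-of-range text by throwing rather than silently dropping it
* (confirm against parsing.cpp).
*/
std::vector<uint16_t> Text_Policy::srtp_profiles() const
   {
   const std::vector<std::string> profile_strs =
      get_list("srtp_profiles", std::vector<std::string>());

   std::vector<uint16_t> r;
   r.reserve(profile_strs.size());

   // iterate by reference: the original loop copied every string
   for(const std::string& p : profile_strs)
      {
      r.push_back(to_uint16(p));
      }

   return r;
   }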
226 
// Unconditionally store v under k, replacing any existing value.
void Text_Policy::set(const std::string& k, const std::string& v)
   {
   auto existing = m_kv.find(k);

   if(existing != m_kv.end())
      {
      existing->second = v;
      }
   else
      {
      m_kv.emplace(k, v);
      }
   }
231 
// Build the policy from policy text held in a string; the text is parsed
// by read_cfg exactly as if it had been read from a stream.
Text_Policy::Text_Policy(const std::string& s)
   {
   std::istringstream policy_text(s);
   m_kv = read_cfg(policy_text);
   }
237 
// Build the policy from a stream of policy text via read_cfg.
Text_Policy::Text_Policy(std::istream& in)
   {
   m_kv = read_cfg(in);
   }
240 
/*
* Look up key and split its value on single spaces. An absent or empty
* value returns def unchanged (the default list is never merged with the
* text value, it is replaced wholesale).
*/
std::vector<std::string>
Text_Policy::get_list(const std::string& key,
                      const std::vector<std::string>& def) const
   {
   const std::string text = get_str(key);

   if(!text.empty())
      {
      return split_on(text, ' ');
      }

   return def;
   }
254 
/*
* Look up key and convert its value with to_u32bit; an absent or empty
* value returns def. The result is widened from uint32_t to size_t, so
* values in the text are limited to 32 bits regardless of platform.
*/
size_t Text_Policy::get_len(const std::string& key, size_t def) const
   {
   const std::string text = get_str(key);

   if(!text.empty())
      {
      return to_u32bit(text);
      }

   return def;
   }
266 
/*
* Look up key as a boolean. Exactly "true"/"True" and "false"/"False" are
* accepted; an absent or empty value returns def. Any other spelling
* (e.g. "yes", "1", "TRUE") throws Decoding_Error, so a mistyped policy
* line fails loudly instead of silently taking the default.
*/
bool Text_Policy::get_bool(const std::string& key, bool def) const
   {
   const std::string text = get_str(key);

   if(text.empty())
      return def;

   const bool is_true = (text == "true" || text == "True");
   if(is_true)
      return true;

   const bool is_false = (text == "false" || text == "False");
   if(is_false)
      return false;

   throw Decoding_Error("Invalid boolean '" + text + "'");
   }
289 
/*
* Raw string lookup in the parsed key/value map; returns def (a copy)
* when key is not present. An empty stored value is returned as-is and is
* treated as "unset" by the typed getters built on top of this.
*/
std::string Text_Policy::get_str(const std::string& key, const std::string& def) const
   {
   const auto entry = m_kv.find(key);
   return (entry == m_kv.end()) ? def : entry->second;
   }
300 
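/*
* Store val under key. If the key already exists the existing value is
* kept and false is returned unless overwrite is set, in which case the
* value is replaced. Returns true whenever the map now holds val for key.
*
* The previous implementation used std::map::insert for the overwrite
* case as well; insert never replaces an existing element, so an
* overwrite of an already-present key reported success while leaving the
* old value in place.
*/
bool Text_Policy::set_value(const std::string& key, const std::string& val, bool overwrite)
   {
   auto i = m_kv.find(key);

   if(i != m_kv.end())
      {
      if(overwrite == false)
         return false;

      // explicit assignment is required here; insert() would be a no-op
      i->second = val;
      return true;
      }

   m_kv.insert(i, std::make_pair(key, val));
   return true;
   }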
311 
312 }
313 
314 }