1 /*
2 * Text-Based TLS Policy
3 * (C) 2016,2017 Jack Lloyd
4 * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/tls_policy.h>
10 #include <botan/exceptn.h>
11 #include <botan/parsing.h>
12 #include <sstream>
13 
14 namespace Botan {
15 
16 namespace TLS {
17 
std::vector<std::string> Text_Policy::allowed_ciphers() const
   {
   // "ciphers" entry of the policy text; the base Policy list applies when unset.
   const std::vector<std::string> defaults = Policy::allowed_ciphers();
   return get_list("ciphers", defaults);
   }
22 
std::vector<std::string> Text_Policy::allowed_signature_hashes() const
   {
   // "signature_hashes" entry of the policy text; the base Policy list applies when unset.
   const std::vector<std::string> defaults = Policy::allowed_signature_hashes();
   return get_list("signature_hashes", defaults);
   }
27 
std::vector<std::string> Text_Policy::allowed_macs() const
   {
   // "macs" entry of the policy text; the base Policy list applies when unset.
   const std::vector<std::string> defaults = Policy::allowed_macs();
   return get_list("macs", defaults);
   }
32 
std::vector<std::string> Text_Policy::allowed_key_exchange_methods() const
   {
   // "key_exchange_methods" entry of the policy text; the base Policy list applies when unset.
   const std::vector<std::string> defaults = Policy::allowed_key_exchange_methods();
   return get_list("key_exchange_methods", defaults);
   }
37 
std::vector<std::string> Text_Policy::allowed_signature_methods() const
   {
   // "signature_methods" entry of the policy text; the base Policy list applies when unset.
   const std::vector<std::string> defaults = Policy::allowed_signature_methods();
   return get_list("signature_methods", defaults);
   }
42 
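bool Text_Policy::use_ecc_point_compression() const
   {
   // "use_ecc_point_compression" entry, else the base Policy default.
   return get_bool("use_ecc_point_compression", Policy::use_ecc_point_compression());
   }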
47 
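bool Text_Policy::allow_tls10() const
   {
   // "allow_tls10" entry, else the base Policy default.
   return get_bool("allow_tls10", Policy::allow_tls10());
   }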
52 
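bool Text_Policy::allow_tls11() const
   {
   // "allow_tls11" entry, else the base Policy default.
   return get_bool("allow_tls11", Policy::allow_tls11());
   }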
57 
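bool Text_Policy::allow_tls12() const
   {
   // "allow_tls12" entry, else the base Policy default.
   return get_bool("allow_tls12", Policy::allow_tls12());
   }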
62 
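bool Text_Policy::allow_dtls10() const
   {
   // "allow_dtls10" entry, else the base Policy default.
   return get_bool("allow_dtls10", Policy::allow_dtls10());
   }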
67 
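bool Text_Policy::allow_dtls12() const
   {
   // "allow_dtls12" entry, else the base Policy default.
   return get_bool("allow_dtls12", Policy::allow_dtls12());
   }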
72 
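bool Text_Policy::allow_insecure_renegotiation() const
   {
   // "allow_insecure_renegotiation" entry, else the base Policy default.
   return get_bool("allow_insecure_renegotiation", Policy::allow_insecure_renegotiation());
   }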
77 
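bool Text_Policy::include_time_in_hello_random() const
   {
   // "include_time_in_hello_random" entry, else the base Policy default.
   return get_bool("include_time_in_hello_random", Policy::include_time_in_hello_random());
   }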
82 
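bool Text_Policy::require_client_certificate_authentication() const
   {
   // "require_client_certificate_authentication" entry, else the base Policy default.
   return get_bool("require_client_certificate_authentication", Policy::require_client_certificate_authentication());
   }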
87 
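bool Text_Policy::allow_client_initiated_renegotiation() const
   {
   // "allow_client_initiated_renegotiation" entry, else the base Policy default.
   return get_bool("allow_client_initiated_renegotiation", Policy::allow_client_initiated_renegotiation());
   }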
92 
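bool Text_Policy::allow_server_initiated_renegotiation() const
   {
   // "allow_server_initiated_renegotiation" entry, else the base Policy default.
   return get_bool("allow_server_initiated_renegotiation", Policy::allow_server_initiated_renegotiation());
   }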
97 
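bool Text_Policy::server_uses_own_ciphersuite_preferences() const
   {
   // "server_uses_own_ciphersuite_preferences" entry, else the base Policy default.
   return get_bool("server_uses_own_ciphersuite_preferences", Policy::server_uses_own_ciphersuite_preferences());
   }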
102 
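bool Text_Policy::negotiate_encrypt_then_mac() const
   {
   // "negotiate_encrypt_then_mac" entry, else the base Policy default.
   return get_bool("negotiate_encrypt_then_mac", Policy::negotiate_encrypt_then_mac());
   }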
107 
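bool Text_Policy::support_cert_status_message() const
   {
   // "support_cert_status_message" entry, else the base Policy default.
   return get_bool("support_cert_status_message", Policy::support_cert_status_message());
   }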
112 
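std::vector<Group_Params> Text_Policy::key_exchange_groups() const
   {
   /*
   * Reads the "key_exchange_groups" entry (or the older "groups" name as
   * a fallback). Each space-separated token is either a group name known
   * to group_param_from_string or a bare numeric group identifier; tokens
   * that are neither are skipped. When no entry is configured the base
   * Policy's group list is returned, matching every other getter in this
   * file, rather than an empty list that would leave no group enabled.
   */
   std::string group_str = get_str("key_exchange_groups");

   if(group_str.empty())
      {
      // fall back to previously used name
      group_str = get_str("groups");
      }

   if(group_str.empty())
      {
      return Policy::key_exchange_groups();
      }

   std::vector<Group_Params> groups;
   for(const std::string& group_name : split_on(group_str, ' '))
      {
      Group_Params group_id = group_param_from_string(group_name);

      if(group_id == Group_Params::NONE)
         {
         // Not a known name: accept a numeric id instead. Base 0 lets
         // stoul read decimal, 0x-prefixed hex or 0-prefixed octal.
         try
            {
            size_t consumed = 0;
            const unsigned long ll_id = std::stoul(group_name, &consumed, 0);
            if(consumed != group_name.size())
               continue; // some other cruft

            const uint16_t id = static_cast<uint16_t>(ll_id);

            if(id != ll_id)
               continue; // integer too large

            // NOTE(review): any 16-bit value is accepted here; whether it
            // names a supported group is presumably checked downstream.
            group_id = static_cast<Group_Params>(id);
            }
         catch(...)
            {
            // stoul throws on empty, non-numeric or out-of-range text;
            // such tokens are deliberately ignored rather than fatal.
            continue;
            }
         }

      if(group_id != Group_Params::NONE)
         groups.push_back(group_id);
      }

   return groups;
   }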
161 
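size_t Text_Policy::minimum_ecdh_group_size() const
   {
   // "minimum_ecdh_group_size" entry, else the base Policy default.
   return get_len("minimum_ecdh_group_size", Policy::minimum_ecdh_group_size());
   }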
166 
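size_t Text_Policy::minimum_ecdsa_group_size() const
   {
   // "minimum_ecdsa_group_size" entry, else the base Policy default.
   return get_len("minimum_ecdsa_group_size", Policy::minimum_ecdsa_group_size());
   }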
171 
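size_t Text_Policy::minimum_dh_group_size() const
   {
   // "minimum_dh_group_size" entry, else the base Policy default.
   return get_len("minimum_dh_group_size", Policy::minimum_dh_group_size());
   }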
176 
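size_t Text_Policy::minimum_rsa_bits() const
   {
   // "minimum_rsa_bits" entry, else the base Policy default.
   return get_len("minimum_rsa_bits", Policy::minimum_rsa_bits());
   }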
181 
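size_t Text_Policy::minimum_signature_strength() const
   {
   // "minimum_signature_strength" entry, else the base Policy default.
   return get_len("minimum_signature_strength", Policy::minimum_signature_strength());
   }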
186 
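size_t Text_Policy::dtls_default_mtu() const
   {
   // "dtls_default_mtu" entry, else the base Policy default.
   return get_len("dtls_default_mtu", Policy::dtls_default_mtu());
   }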
191 
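size_t Text_Policy::dtls_initial_timeout() const
   {
   // "dtls_initial_timeout" entry, else the base Policy default.
   return get_len("dtls_initial_timeout", Policy::dtls_initial_timeout());
   }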
196 
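size_t Text_Policy::dtls_maximum_timeout() const
   {
   // "dtls_maximum_timeout" entry, else the base Policy default.
   return get_len("dtls_maximum_timeout", Policy::dtls_maximum_timeout());
   }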
201 
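bool Text_Policy::require_cert_revocation_info() const
   {
   // "require_cert_revocation_info" entry, else the base Policy default.
   return get_bool("require_cert_revocation_info", Policy::require_cert_revocation_info());
   }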
206 
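bool Text_Policy::hide_unknown_users() const
   {
   // "hide_unknown_users" entry, else the base Policy default.
   return get_bool("hide_unknown_users", Policy::hide_unknown_users());
   }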
211 
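uint32_t Text_Policy::session_ticket_lifetime() const
   {
   // "session_ticket_lifetime" entry, else the base Policy default. The
   // narrowing cast is lossless: get_len yields either the uint32_t default
   // or the uint32_t result of to_u32bit.
   return static_cast<uint32_t>(get_len("session_ticket_lifetime", Policy::session_ticket_lifetime()));
   }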
216 
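bool Text_Policy::send_fallback_scsv(Protocol_Version version) const
   {
   // Unlike the other getters this does not inherit the base Policy's
   // answer by default: the fallback SCSV is only considered when the
   // text explicitly sets "send_fallback_scsv" to true, and even then
   // the base Policy decides for the given version.
   return get_bool("send_fallback_scsv", false) ? Policy::send_fallback_scsv(version) : false;
   }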
221 
std::vector<uint16_t> Text_Policy::srtp_profiles() const
   {
   // "srtp_profiles" is a space-separated list of numeric profile ids;
   // an unset key yields an empty list. Each token goes through to_uint16.
   std::vector<uint16_t> profiles;
   const std::vector<std::string> tokens = get_list("srtp_profiles", std::vector<std::string>());
   profiles.reserve(tokens.size());
   for(const std::string& token : tokens)
      profiles.push_back(to_uint16(token));
   return profiles;
   }
231 
void Text_Policy::set(const std::string& k, const std::string& v)
   {
   // Unconditionally stores v under k, replacing any existing value.
   const auto inserted = m_kv.insert(std::make_pair(k, v));
   if(!inserted.second)
      inserted.first->second = v;
   }
236 
Text_Policy::Text_Policy(const std::string& s)
   {
   // Parse the policy text with the shared key=value config reader.
   std::istringstream policy_text(s);
   m_kv = read_cfg(policy_text);
   }
242 
Text_Policy::Text_Policy(std::istream& in)
   {
   // Same parsing as the string constructor, reading from the caller's stream.
   m_kv = read_cfg(in);
   }
245 
std::vector<std::string>
Text_Policy::get_list(const std::string& key,
                      const std::vector<std::string>& def) const
   {
   // Space-separated list lookup; def is returned when the key is absent
   // or maps to an empty string.
   const std::string value = get_str(key);
   return value.empty() ? def : split_on(value, ' ');
   }
259 
size_t Text_Policy::get_len(const std::string& key, size_t def) const
   {
   // Numeric lookup; def is returned when the key is absent or empty.
   // Non-numeric text is left to to_u32bit to reject (see parsing.cpp).
   const std::string value = get_str(key);
   if(!value.empty())
      return to_u32bit(value);
   return def;
   }
271 
bool Text_Policy::get_bool(const std::string& key, bool def) const
   {
   // Boolean lookup: accepts exactly "true"/"True" and "false"/"False";
   // an absent or empty entry yields def, anything else is a Decoding_Error
   // so that a mistyped policy value cannot silently become either answer.
   const std::string value = get_str(key);

   if(value.empty())
      return def;

   if(value == "true" || value == "True")
      return true;

   if(value == "false" || value == "False")
      return false;

   throw Decoding_Error("Invalid boolean '" + value + "'");
   }
294 
std::string Text_Policy::get_str(const std::string& key, const std::string& def) const
   {
   // Raw lookup in the parsed key/value map; a missing key yields def.
   const auto entry = m_kv.find(key);
   return (entry == m_kv.end()) ? def : entry->second;
   }
305 
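bool Text_Policy::set_value(const std::string& key, const std::string& val, bool overwrite)
   {
   /*
   * Store val under key. Returns false and leaves the map untouched when
   * the key already exists and overwrite is false; otherwise the value is
   * stored (or replaced) and true is returned.
   *
   * Replacement has to be an explicit assignment: std::map::insert never
   * overwrites an existing element, so inserting with overwrite == true
   * would report success while keeping the old value -- a caller trying
   * to tighten an existing setting would silently be ignored.
   */
   auto i = m_kv.find(key);

   if(i != m_kv.end())
      {
      if(overwrite == false)
         return false;

      i->second = val;
      return true;
      }

   m_kv.insert(i, std::make_pair(key, val));
   return true;
   }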
316 
317 }
318 
319 }