1/*
2* Text-Based TLS Policy
3* (C) 2016,2017 Jack Lloyd
4* 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/tls_policy.h>
10#include <botan/exceptn.h>
11#include <botan/parsing.h>
12#include <sstream>
13
14namespace Botan {
15
16namespace TLS {
17
/// Cipher list from the "ciphers" key; the library default when the key is absent or empty.
std::vector<std::string> Text_Policy::allowed_ciphers() const
   {
   const std::vector<std::string> defaults = Policy::allowed_ciphers();
   return get_list("ciphers", defaults);
   }
22
/// Signature hash list from the "signature_hashes" key; the library default when absent or empty.
std::vector<std::string> Text_Policy::allowed_signature_hashes() const
   {
   const std::vector<std::string> defaults = Policy::allowed_signature_hashes();
   return get_list("signature_hashes", defaults);
   }
27
/// MAC list from the "macs" key; the library default when absent or empty.
std::vector<std::string> Text_Policy::allowed_macs() const
   {
   const std::vector<std::string> defaults = Policy::allowed_macs();
   return get_list("macs", defaults);
   }
32
/// Key exchange method list from the "key_exchange_methods" key; the library default when absent or empty.
std::vector<std::string> Text_Policy::allowed_key_exchange_methods() const
   {
   const std::vector<std::string> defaults = Policy::allowed_key_exchange_methods();
   return get_list("key_exchange_methods", defaults);
   }
37
/// Signature method list from the "signature_methods" key; the library default when absent or empty.
std::vector<std::string> Text_Policy::allowed_signature_methods() const
   {
   const std::vector<std::string> defaults = Policy::allowed_signature_methods();
   return get_list("signature_methods", defaults);
   }
42
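/// "use_ecc_point_compression" key (true/false), else the library default.
bool Text_Policy::use_ecc_point_compression() const
   {
   return get_bool("use_ecc_point_compression", Policy::use_ecc_point_compression());
   }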
47
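/// "allow_tls10" key (true/false), else the library default.
/// Enabling this legacy version lowers the protocol floor for every connection using the policy.
bool Text_Policy::allow_tls10() const
   {
   return get_bool("allow_tls10", Policy::allow_tls10());
   }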
52
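/// "allow_tls11" key (true/false), else the library default.
/// Enabling this legacy version lowers the protocol floor for every connection using the policy.
bool Text_Policy::allow_tls11() const
   {
   return get_bool("allow_tls11", Policy::allow_tls11());
   }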
57
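/// "allow_tls12" key (true/false), else the library default.
bool Text_Policy::allow_tls12() const
   {
   return get_bool("allow_tls12", Policy::allow_tls12());
   }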
62
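/// "allow_dtls10" key (true/false), else the library default.
/// Enabling this legacy version lowers the protocol floor for every connection using the policy.
bool Text_Policy::allow_dtls10() const
   {
   return get_bool("allow_dtls10", Policy::allow_dtls10());
   }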
67
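/// "allow_dtls12" key (true/false), else the library default.
bool Text_Policy::allow_dtls12() const
   {
   return get_bool("allow_dtls12", Policy::allow_dtls12());
   }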
72
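/// "allow_insecure_renegotiation" key (true/false), else the library default.
/// A policy file can switch this on; the value is taken as-is, so review it when auditing deployed policies.
bool Text_Policy::allow_insecure_renegotiation() const
   {
   return get_bool("allow_insecure_renegotiation", Policy::allow_insecure_renegotiation());
   }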
77
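/// "include_time_in_hello_random" key (true/false), else the library default.
bool Text_Policy::include_time_in_hello_random() const
   {
   return get_bool("include_time_in_hello_random", Policy::include_time_in_hello_random());
   }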
82
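/// "require_client_certificate_authentication" key (true/false), else the library default.
bool Text_Policy::require_client_certificate_authentication() const
   {
   return get_bool("require_client_certificate_authentication", Policy::require_client_certificate_authentication());
   }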
87
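/// "allow_client_initiated_renegotiation" key (true/false), else the library default.
bool Text_Policy::allow_client_initiated_renegotiation() const
   {
   return get_bool("allow_client_initiated_renegotiation", Policy::allow_client_initiated_renegotiation());
   }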
92
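/// "allow_server_initiated_renegotiation" key (true/false), else the library default.
bool Text_Policy::allow_server_initiated_renegotiation() const
   {
   return get_bool("allow_server_initiated_renegotiation", Policy::allow_server_initiated_renegotiation());
   }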
97
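/// "server_uses_own_ciphersuite_preferences" key (true/false), else the library default.
bool Text_Policy::server_uses_own_ciphersuite_preferences() const
   {
   return get_bool("server_uses_own_ciphersuite_preferences", Policy::server_uses_own_ciphersuite_preferences());
   }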
102
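/// "negotiate_encrypt_then_mac" key (true/false), else the library default.
bool Text_Policy::negotiate_encrypt_then_mac() const
   {
   return get_bool("negotiate_encrypt_then_mac", Policy::negotiate_encrypt_then_mac());
   }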
107
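/// "support_cert_status_message" key (true/false), else the library default.
bool Text_Policy::support_cert_status_message() const
   {
   return get_bool("support_cert_status_message", Policy::support_cert_status_message());
   }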
112
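/**
* Key exchange groups from the "key_exchange_groups" key (or the older
* "groups" key); the library default when neither is set.
*
* Each space-separated token is first resolved as a group name. A token
* that is not a known name is accepted as a numeric group id if it parses
* completely and fits in 16 bits. Anything else is dropped silently, so a
* misspelled name shrinks the offered group set without any error, and a
* list made entirely of unusable tokens yields an empty vector rather than
* the default.
*/
std::vector<Group_Params> Text_Policy::key_exchange_groups() const
   {
   std::string group_str = get_str("key_exchange_groups");

   if(group_str.empty())
      {
      // fall back to previously used name
      group_str = get_str("groups");
      }

   if(group_str.empty())
      {
      return Policy::key_exchange_groups();
      }

   std::vector<Group_Params> groups;
   for(const std::string& group_name : split_on(group_str, ' '))
      {
      Group_Params group_id = group_param_from_string(group_name);

      if(group_id == Group_Params::NONE)
         {
         // Not a known name: try a numeric id. Base 0 means stoul also
         // accepts "0x.." hex and leading-zero octal spellings.
         try
            {
            size_t consumed = 0;
            const unsigned long ll_id = std::stoul(group_name, &consumed, 0);
            if(consumed != group_name.size())
               continue; // some other cruft

            const uint16_t id = static_cast<uint16_t>(ll_id);

            if(id != ll_id)
               continue; // integer too large

            group_id = static_cast<Group_Params>(id);
            }
         catch(...)
            {
            continue; // stoul rejected the token (not a number or out of range)
            }
         }

      if(group_id != Group_Params::NONE)
         groups.push_back(group_id);
      }

   return groups;
   }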
161
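/// "minimum_ecdh_group_size" key (decimal integer), else the library default.
size_t Text_Policy::minimum_ecdh_group_size() const
   {
   return get_len("minimum_ecdh_group_size", Policy::minimum_ecdh_group_size());
   }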
166
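/// "minimum_ecdsa_group_size" key (decimal integer), else the library default.
size_t Text_Policy::minimum_ecdsa_group_size() const
   {
   return get_len("minimum_ecdsa_group_size", Policy::minimum_ecdsa_group_size());
   }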
171
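/// "minimum_dh_group_size" key (decimal integer), else the library default.
size_t Text_Policy::minimum_dh_group_size() const
   {
   return get_len("minimum_dh_group_size", Policy::minimum_dh_group_size());
   }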
176
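/// "minimum_rsa_bits" key (decimal integer), else the library default.
size_t Text_Policy::minimum_rsa_bits() const
   {
   return get_len("minimum_rsa_bits", Policy::minimum_rsa_bits());
   }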
181
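/// "minimum_signature_strength" key (decimal integer), else the library default.
size_t Text_Policy::minimum_signature_strength() const
   {
   return get_len("minimum_signature_strength", Policy::minimum_signature_strength());
   }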
186
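/// "dtls_default_mtu" key (decimal integer), else the library default.
size_t Text_Policy::dtls_default_mtu() const
   {
   return get_len("dtls_default_mtu", Policy::dtls_default_mtu());
   }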
191
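/// "dtls_initial_timeout" key (decimal integer), else the library default.
size_t Text_Policy::dtls_initial_timeout() const
   {
   return get_len("dtls_initial_timeout", Policy::dtls_initial_timeout());
   }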
196
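/// "dtls_maximum_timeout" key (decimal integer), else the library default.
size_t Text_Policy::dtls_maximum_timeout() const
   {
   return get_len("dtls_maximum_timeout", Policy::dtls_maximum_timeout());
   }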
201
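/// "require_cert_revocation_info" key (true/false), else the library default.
bool Text_Policy::require_cert_revocation_info() const
   {
   return get_bool("require_cert_revocation_info", Policy::require_cert_revocation_info());
   }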
206
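/// "hide_unknown_users" key (true/false), else the library default.
bool Text_Policy::hide_unknown_users() const
   {
   return get_bool("hide_unknown_users", Policy::hide_unknown_users());
   }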
211
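/// "session_ticket_lifetime" key (decimal integer), else the library default.
/// The cast is lossless: get_len yields either the uint32_t default or a value parsed by to_u32bit.
uint32_t Text_Policy::session_ticket_lifetime() const
   {
   return static_cast<uint32_t>(get_len("session_ticket_lifetime", Policy::session_ticket_lifetime()));
   }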
216
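/// Sends the fallback SCSV only when the "send_fallback_scsv" key is true
/// (default false) and the base policy would send it for @p version.
bool Text_Policy::send_fallback_scsv(Protocol_Version version) const
   {
   return get_bool("send_fallback_scsv", false) ? Policy::send_fallback_scsv(version) : false;
   }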
221
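/**
* SRTP profile ids from the "srtp_profiles" key, one numeric id per
* space-separated token; empty when the key is absent or empty.
* Each token goes through to_uint16, so a non-numeric token is rejected
* there rather than skipped.
*/
std::vector<uint16_t> Text_Policy::srtp_profiles() const
   {
   const std::vector<std::string> names = get_list("srtp_profiles", std::vector<std::string>());

   std::vector<uint16_t> profiles;
   profiles.reserve(names.size());
   // const reference: the old loop copied each string per iteration
   for(const std::string& p : names)
      {
      profiles.push_back(to_uint16(p));
      }
   return profiles;
   }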
231
/// Store @p v under @p k, replacing any existing value.
void Text_Policy::set(const std::string& k, const std::string& v)
   {
   auto existing = m_kv.find(k);
   if(existing != m_kv.end())
      existing->second = v;
   else
      m_kv.emplace(k, v);
   }
236
/// Build a policy from the text of a config file held in @p s (see read_cfg for the format).
Text_Policy::Text_Policy(const std::string& s)
   {
   std::istringstream policy_text(s);
   m_kv = read_cfg(policy_text);
   }
242
/// Build a policy by reading a config file from the stream @p in (see read_cfg for the format).
Text_Policy::Text_Policy(std::istream& in)
   {
   m_kv = read_cfg(in);
   }
245
/**
* Look up a space-separated list setting.
* @param key the policy key
* @param def returned when the key is absent or its value is empty
* @return the tokens of the value split on ' '
*/
std::vector<std::string>
Text_Policy::get_list(const std::string& key,
                      const std::vector<std::string>& def) const
   {
   const std::string value = get_str(key);
   return value.empty() ? def : split_on(value, ' ');
   }
259
/**
* Look up an unsigned integer setting.
* @param key the policy key
* @param def returned when the key is absent or its value is empty
* @return the value parsed by to_u32bit; a value that is not a valid
*         unsigned integer is rejected by to_u32bit rather than mapped to @p def
*/
size_t Text_Policy::get_len(const std::string& key, size_t def) const
   {
   const std::string value = get_str(key);

   if(!value.empty())
      return to_u32bit(value);

   return def;
   }
271
/**
* Look up a boolean setting.
* @param key the policy key
* @param def returned when the key is absent or its value is empty
* @return true for "true"/"True", false for "false"/"False"
* @throws Decoding_Error for any other spelling, so a mistyped value
*         fails closed instead of silently taking the default
*/
bool Text_Policy::get_bool(const std::string& key, bool def) const
   {
   const std::string value = get_str(key);

   if(value.empty())
      return def;

   const bool is_true = (value == "true" || value == "True");
   const bool is_false = (value == "false" || value == "False");

   if(!is_true && !is_false)
      throw Decoding_Error("Invalid boolean '" + value + "'");

   return is_true;
   }
294
/**
* Raw string lookup in the key/value store.
* @param key the policy key
* @param def returned when the key is not present
* @return the stored value (possibly empty) or @p def
*/
std::string Text_Policy::get_str(const std::string& key, const std::string& def) const
   {
   const auto entry = m_kv.find(key);
   return (entry == m_kv.end()) ? def : entry->second;
   }
305
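/**
* Store @p val under @p key.
* @param key the policy key
* @param val the value to store
* @param overwrite when false an existing key is left untouched
* @return false if the key existed and @p overwrite was false, true otherwise
*/
bool Text_Policy::set_value(const std::string& key, const std::string& val, bool overwrite)
   {
   auto i = m_kv.find(key);

   if(i != m_kv.end())
      {
      if(overwrite == false)
         return false;

      // std::map::insert never replaces an existing element, so the old
      // hinted insert left the stored value unchanged even with overwrite=true
      i->second = val;
      return true;
      }

   m_kv.emplace_hint(i, key, val);
   return true;
   }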
316
317}
318
319}