1 /*
2 * Text-Based TLS Policy
3 * (C) 2016,2017 Jack Lloyd
4 * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/tls_policy.h>
10 #include <botan/exceptn.h>
11 #include <botan/parsing.h>
12 #include <sstream>
13 
14 namespace Botan {
15 
16 namespace TLS {
17 
std::vector<std::string> Text_Policy::allowed_ciphers() const
   {
   // Key "ciphers" in the policy text; when it is absent the compiled-in
   // Policy list is used unchanged.
   const std::vector<std::string> fallback = Policy::allowed_ciphers();
   return get_list("ciphers", fallback);
   }
22 
std::vector<std::string> Text_Policy::allowed_signature_hashes() const
   {
   // Key "signature_hashes"; unset -> base Policy default
   const std::vector<std::string> fallback = Policy::allowed_signature_hashes();
   return get_list("signature_hashes", fallback);
   }
27 
std::vector<std::string> Text_Policy::allowed_macs() const
   {
   // Key "macs"; unset -> base Policy default
   const std::vector<std::string> fallback = Policy::allowed_macs();
   return get_list("macs", fallback);
   }
32 
std::vector<std::string> Text_Policy::allowed_key_exchange_methods() const
   {
   // Key "key_exchange_methods"; unset -> base Policy default
   const std::vector<std::string> fallback = Policy::allowed_key_exchange_methods();
   return get_list("key_exchange_methods", fallback);
   }
37 
std::vector<std::string> Text_Policy::allowed_signature_methods() const
   {
   // Key "signature_methods"; unset -> base Policy default
   const std::vector<std::string> fallback = Policy::allowed_signature_methods();
   return get_list("signature_methods", fallback);
   }
42 
std::vector<std::string> Text_Policy::allowed_ecc_curves() const
   {
   // Key "ecc_curves"; unset -> base Policy default
   const std::vector<std::string> fallback = Policy::allowed_ecc_curves();
   return get_list("ecc_curves", fallback);
   }
47 
bool Text_Policy::use_ecc_point_compression() const
   {
   // Key "use_ecc_point_compression"; unset -> base Policy default
   const bool fallback = Policy::use_ecc_point_compression();
   return get_bool("use_ecc_point_compression", fallback);
   }
52 
bool Text_Policy::allow_tls10() const
   {
   // Key "allow_tls10" overrides the compiled-in default for this legacy
   // version; policy files setting it to true deserve review.
   const bool fallback = Policy::allow_tls10();
   return get_bool("allow_tls10", fallback);
   }
57 
bool Text_Policy::allow_tls11() const
   {
   // Key "allow_tls11" overrides the compiled-in default for this legacy
   // version; policy files setting it to true deserve review.
   const bool fallback = Policy::allow_tls11();
   return get_bool("allow_tls11", fallback);
   }
62 
bool Text_Policy::allow_tls12() const
   {
   // Key "allow_tls12"; unset -> base Policy default
   const bool fallback = Policy::allow_tls12();
   return get_bool("allow_tls12", fallback);
   }
67 
bool Text_Policy::allow_dtls10() const
   {
   // Key "allow_dtls10"; unset -> base Policy default
   const bool fallback = Policy::allow_dtls10();
   return get_bool("allow_dtls10", fallback);
   }
72 
bool Text_Policy::allow_dtls12() const
   {
   // Key "allow_dtls12"; unset -> base Policy default
   const bool fallback = Policy::allow_dtls12();
   return get_bool("allow_dtls12", fallback);
   }
77 
bool Text_Policy::allow_insecure_renegotiation() const
   {
   // Key "allow_insecure_renegotiation"; a text policy can switch this on
   // regardless of the compiled-in default, so audit policy files for it.
   const bool fallback = Policy::allow_insecure_renegotiation();
   return get_bool("allow_insecure_renegotiation", fallback);
   }
82 
bool Text_Policy::include_time_in_hello_random() const
   {
   // Key "include_time_in_hello_random"; unset -> base Policy default
   const bool fallback = Policy::include_time_in_hello_random();
   return get_bool("include_time_in_hello_random", fallback);
   }
87 
bool Text_Policy::allow_client_initiated_renegotiation() const
   {
   // Key "allow_client_initiated_renegotiation"; unset -> base Policy default
   const bool fallback = Policy::allow_client_initiated_renegotiation();
   return get_bool("allow_client_initiated_renegotiation", fallback);
   }
bool Text_Policy::allow_server_initiated_renegotiation() const
   {
   // Key "allow_server_initiated_renegotiation"; unset -> base Policy default
   const bool fallback = Policy::allow_server_initiated_renegotiation();
   return get_bool("allow_server_initiated_renegotiation", fallback);
   }
96 
bool Text_Policy::server_uses_own_ciphersuite_preferences() const
   {
   // Key "server_uses_own_ciphersuite_preferences"; unset -> base Policy default
   const bool fallback = Policy::server_uses_own_ciphersuite_preferences();
   return get_bool("server_uses_own_ciphersuite_preferences", fallback);
   }
101 
bool Text_Policy::negotiate_encrypt_then_mac() const
   {
   // Key "negotiate_encrypt_then_mac"; unset -> base Policy default
   const bool fallback = Policy::negotiate_encrypt_then_mac();
   return get_bool("negotiate_encrypt_then_mac", fallback);
   }
106 
bool Text_Policy::support_cert_status_message() const
   {
   // Key "support_cert_status_message"; unset -> base Policy default
   const bool fallback = Policy::support_cert_status_message();
   return get_bool("support_cert_status_message", fallback);
   }
111 
std::string Text_Policy::dh_group() const
   {
   // Key "dh_group"; unset -> base Policy default
   const std::string fallback = Policy::dh_group();
   return get_str("dh_group", fallback);
   }
116 
std::vector<std::string> Text_Policy::allowed_groups() const
   {
   // Key "groups"; unset -> base Policy default
   const std::vector<std::string> fallback = Policy::allowed_groups();
   return get_list("groups", fallback);
   }
121 
size_t Text_Policy::minimum_ecdh_group_size() const
   {
   // Key "minimum_ecdh_group_size"; unset -> base Policy default
   const size_t fallback = Policy::minimum_ecdh_group_size();
   return get_len("minimum_ecdh_group_size", fallback);
   }
126 
size_t Text_Policy::minimum_ecdsa_group_size() const
   {
   // Key "minimum_ecdsa_group_size"; unset -> base Policy default
   const size_t fallback = Policy::minimum_ecdsa_group_size();
   return get_len("minimum_ecdsa_group_size", fallback);
   }
131 
size_t Text_Policy::minimum_dh_group_size() const
   {
   // Key "minimum_dh_group_size"; unset -> base Policy default
   const size_t fallback = Policy::minimum_dh_group_size();
   return get_len("minimum_dh_group_size", fallback);
   }
136 
size_t Text_Policy::minimum_rsa_bits() const
   {
   // Key "minimum_rsa_bits"; unset -> base Policy default
   const size_t fallback = Policy::minimum_rsa_bits();
   return get_len("minimum_rsa_bits", fallback);
   }
141 
size_t Text_Policy::minimum_signature_strength() const
   {
   // Key "minimum_signature_strength"; unset -> base Policy default
   const size_t fallback = Policy::minimum_signature_strength();
   return get_len("minimum_signature_strength", fallback);
   }
146 
size_t Text_Policy::dtls_default_mtu() const
   {
   // Key "dtls_default_mtu"; unset -> base Policy default
   const size_t fallback = Policy::dtls_default_mtu();
   return get_len("dtls_default_mtu", fallback);
   }
151 
size_t Text_Policy::dtls_initial_timeout() const
   {
   // Key "dtls_initial_timeout"; unset -> base Policy default
   const size_t fallback = Policy::dtls_initial_timeout();
   return get_len("dtls_initial_timeout", fallback);
   }
156 
size_t Text_Policy::dtls_maximum_timeout() const
   {
   // Key "dtls_maximum_timeout"; unset -> base Policy default
   const size_t fallback = Policy::dtls_maximum_timeout();
   return get_len("dtls_maximum_timeout", fallback);
   }
161 
bool Text_Policy::require_cert_revocation_info() const
   {
   // Key "require_cert_revocation_info"; setting it to false in a policy
   // file relaxes revocation checking, so it is worth auditing.
   const bool fallback = Policy::require_cert_revocation_info();
   return get_bool("require_cert_revocation_info", fallback);
   }
166 
bool Text_Policy::hide_unknown_users() const
   {
   // Key "hide_unknown_users"; unset -> base Policy default
   const bool fallback = Policy::hide_unknown_users();
   return get_bool("hide_unknown_users", fallback);
   }
171 
uint32_t Text_Policy::session_ticket_lifetime() const
   {
   // Key "session_ticket_lifetime"; get_len works in size_t, so the result
   // is narrowed back to the uint32_t the Policy interface declares.
   const size_t lifetime = get_len("session_ticket_lifetime", Policy::session_ticket_lifetime());
   return static_cast<uint32_t>(lifetime);
   }
176 
bool Text_Policy::send_fallback_scsv(Protocol_Version version) const
   {
   // The SCSV is only sent when the text policy explicitly enables it
   // (key "send_fallback_scsv", default false) AND the base Policy also
   // agrees for the given version.
   if(get_bool("send_fallback_scsv", false) == false)
      {
      return false;
      }
   return Policy::send_fallback_scsv(version);
   }
181 
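/*
* SRTP profiles listed under key "srtp_profiles", each converted from its
* textual form with to_uint16. With no such key nothing is offered (the
* default list is empty). Returns the converted ids in file order.
*/
std::vector<uint16_t> Text_Policy::srtp_profiles() const
   {
   const std::vector<std::string> names =
      get_list("srtp_profiles", std::vector<std::string>());

   std::vector<uint16_t> profiles;
   // Size is known up front, so avoid incremental reallocation
   profiles.reserve(names.size());

   // Iterate by const reference: the original copied each std::string
   for(const std::string& name : names)
      {
      profiles.push_back(to_uint16(name));
      }

   return profiles;
   }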
191 
/*
* Unconditionally store v under k, replacing any existing entry
* (contrast with set_value, which can refuse to overwrite).
*/
void Text_Policy::set(const std::string& k, const std::string& v)
   {
   std::string& slot = m_kv[k];
   slot = v;
   }
196 
/*
* Build a policy from policy text held in a string; the text is parsed
* by read_cfg exactly as it would be from a stream.
*/
Text_Policy::Text_Policy(const std::string& s)
   {
   std::istringstream policy_text(s);
   m_kv = read_cfg(policy_text);
   }
202 
/*
* Build a policy from a stream of policy text (parsed by read_cfg).
*/
Text_Policy::Text_Policy(std::istream& in)
   {
   m_kv = read_cfg(in);
   }
205 
/*
* Look up key and split its value on spaces into a list.
* An absent or empty value yields the caller-supplied default.
*/
std::vector<std::string>
Text_Policy::get_list(const std::string& key,
                      const std::vector<std::string>& def) const
   {
   const std::string raw = get_str(key);
   if(!raw.empty())
      {
      return split_on(raw, ' ');
      }
   return def;
   }
219 
/*
* Look up key and convert its value to a size via to_u32bit.
* An absent or empty value yields the caller-supplied default.
* (Whatever to_u32bit does on malformed input propagates to the caller.)
*/
size_t Text_Policy::get_len(const std::string& key, size_t def) const
   {
   const std::string raw = get_str(key);
   if(!raw.empty())
      {
      return to_u32bit(raw);
      }
   return def;
   }
231 
/*
* Look up key and interpret its value as a boolean.
* An absent or empty value yields def. Only the spellings
* true/True/false/False are accepted; any other value throws rather
* than silently falling back to the default, so a mistyped policy entry
* cannot go unnoticed.
*/
bool Text_Policy::get_bool(const std::string& key, bool def) const
   {
   const std::string raw = get_str(key);

   if(raw.empty())
      {
      return def;
      }

   const bool is_true = (raw == "true" || raw == "True");
   const bool is_false = (raw == "false" || raw == "False");

   if(is_true)
      {
      return true;
      }
   if(is_false)
      {
      return false;
      }

   throw Exception("Invalid boolean '" + raw + "'");
   }
254 
/*
* Return the raw string stored under key, or def when the key is absent.
* (The default for def is given in the class declaration.)
*/
std::string Text_Policy::get_str(const std::string& key, const std::string& def) const
   {
   const auto entry = m_kv.find(key);
   return (entry == m_kv.end()) ? def : entry->second;
   }
265 
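/*
* Store val under key.
*
* If key is already present and overwrite is false, nothing changes and
* false is returned. Otherwise the value is stored and true is returned.
*
* Fix: std::map::insert never replaces an existing element, so the old
* code returned true for an existing key with overwrite == true while
* silently leaving the previous value in place. A caller tightening a
* policy at runtime (e.g. turning a permissive setting off) would have
* been told the change succeeded when it had not. An existing entry is
* now assigned through its iterator instead.
*/
bool Text_Policy::set_value(const std::string& key, const std::string& val, bool overwrite)
   {
   auto i = m_kv.find(key);

   if(i != m_kv.end())
      {
      if(overwrite == false)
         {
         return false;
         }

      // Assignment is required here; insert() with an existing key is a no-op
      i->second = val;
      return true;
      }

   // Key not present: the end() iterator is a valid (if uninformative) hint
   m_kv.insert(i, std::make_pair(key, val));
   return true;
   }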
276 
277 }
278 
279 }