1 /*
2 * Text-Based TLS Policy
3 * (C) 2016,2017 Jack Lloyd
4 * 2017 Harry Reimann, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/tls_policy.h>
10 #include <botan/exceptn.h>
11 #include <botan/parsing.h>
12 #include <sstream>
13 
14 namespace Botan {
15 
16 namespace TLS {
17 
/*
* Policy key "ciphers": a space-separated list. An absent or empty
* value selects the compiled-in Policy default.
*/
std::vector<std::string> Text_Policy::allowed_ciphers() const
   {
   const std::vector<std::string> fallback = Policy::allowed_ciphers();
   return get_list("ciphers", fallback);
   }
22 
/*
* Policy key "signature_hashes": a space-separated list. An absent or
* empty value selects the compiled-in Policy default.
*/
std::vector<std::string> Text_Policy::allowed_signature_hashes() const
   {
   const std::vector<std::string> fallback = Policy::allowed_signature_hashes();
   return get_list("signature_hashes", fallback);
   }
27 
/*
* Policy key "macs": a space-separated list. An absent or empty value
* selects the compiled-in Policy default.
*/
std::vector<std::string> Text_Policy::allowed_macs() const
   {
   const std::vector<std::string> fallback = Policy::allowed_macs();
   return get_list("macs", fallback);
   }
32 
/*
* Policy key "key_exchange_methods": a space-separated list. An absent
* or empty value selects the compiled-in Policy default.
*/
std::vector<std::string> Text_Policy::allowed_key_exchange_methods() const
   {
   const std::vector<std::string> fallback = Policy::allowed_key_exchange_methods();
   return get_list("key_exchange_methods", fallback);
   }
37 
/*
* Policy key "signature_methods": a space-separated list. An absent or
* empty value selects the compiled-in Policy default.
*/
std::vector<std::string> Text_Policy::allowed_signature_methods() const
   {
   const std::vector<std::string> fallback = Policy::allowed_signature_methods();
   return get_list("signature_methods", fallback);
   }
42 
/*
* Policy key "use_ecc_point_compression": "true"/"True" or
* "false"/"False" (any other non-empty value makes get_bool throw).
* Absent or empty falls back to the Policy default.
*/
bool Text_Policy::use_ecc_point_compression() const
   {
   const bool fallback = Policy::use_ecc_point_compression();
   return get_bool("use_ecc_point_compression", fallback);
   }
47 
/*
* Policy key "allow_tls10": "true"/"True" or "false"/"False" (any other
* non-empty value makes get_bool throw). Absent or empty falls back to
* the Policy default.
*/
bool Text_Policy::allow_tls10() const
   {
   const bool fallback = Policy::allow_tls10();
   return get_bool("allow_tls10", fallback);
   }
52 
/*
* Policy key "allow_tls11": "true"/"True" or "false"/"False" (any other
* non-empty value makes get_bool throw). Absent or empty falls back to
* the Policy default.
*/
bool Text_Policy::allow_tls11() const
   {
   const bool fallback = Policy::allow_tls11();
   return get_bool("allow_tls11", fallback);
   }
57 
/*
* Policy key "allow_tls12": "true"/"True" or "false"/"False" (any other
* non-empty value makes get_bool throw). Absent or empty falls back to
* the Policy default.
*/
bool Text_Policy::allow_tls12() const
   {
   const bool fallback = Policy::allow_tls12();
   return get_bool("allow_tls12", fallback);
   }
62 
/*
* Policy key "allow_dtls10": "true"/"True" or "false"/"False" (any other
* non-empty value makes get_bool throw). Absent or empty falls back to
* the Policy default.
*/
bool Text_Policy::allow_dtls10() const
   {
   const bool fallback = Policy::allow_dtls10();
   return get_bool("allow_dtls10", fallback);
   }
67 
/*
* Policy key "allow_dtls12": "true"/"True" or "false"/"False" (any other
* non-empty value makes get_bool throw). Absent or empty falls back to
* the Policy default.
*/
bool Text_Policy::allow_dtls12() const
   {
   const bool fallback = Policy::allow_dtls12();
   return get_bool("allow_dtls12", fallback);
   }
72 
/*
* Policy key "allow_insecure_renegotiation": "true"/"True" or
* "false"/"False" (any other non-empty value makes get_bool throw).
* Absent or empty falls back to the Policy default; see
* Policy::allow_insecure_renegotiation for what enabling it means.
*/
bool Text_Policy::allow_insecure_renegotiation() const
   {
   const bool fallback = Policy::allow_insecure_renegotiation();
   return get_bool("allow_insecure_renegotiation", fallback);
   }
77 
/*
* Policy key "include_time_in_hello_random": "true"/"True" or
* "false"/"False" (any other non-empty value makes get_bool throw).
* Absent or empty falls back to the Policy default.
*/
bool Text_Policy::include_time_in_hello_random() const
   {
   const bool fallback = Policy::include_time_in_hello_random();
   return get_bool("include_time_in_hello_random", fallback);
   }
82 
/*
* Policy key "allow_client_initiated_renegotiation": "true"/"True" or
* "false"/"False" (any other non-empty value makes get_bool throw).
* Absent or empty falls back to the Policy default.
*/
bool Text_Policy::allow_client_initiated_renegotiation() const
   {
   const bool fallback = Policy::allow_client_initiated_renegotiation();
   return get_bool("allow_client_initiated_renegotiation", fallback);
   }
87 
/*
* Policy key "allow_server_initiated_renegotiation": "true"/"True" or
* "false"/"False" (any other non-empty value makes get_bool throw).
* Absent or empty falls back to the Policy default.
*/
bool Text_Policy::allow_server_initiated_renegotiation() const
   {
   const bool fallback = Policy::allow_server_initiated_renegotiation();
   return get_bool("allow_server_initiated_renegotiation", fallback);
   }
92 
/*
* Policy key "server_uses_own_ciphersuite_preferences": "true"/"True" or
* "false"/"False" (any other non-empty value makes get_bool throw).
* Absent or empty falls back to the Policy default.
*/
bool Text_Policy::server_uses_own_ciphersuite_preferences() const
   {
   const bool fallback = Policy::server_uses_own_ciphersuite_preferences();
   return get_bool("server_uses_own_ciphersuite_preferences", fallback);
   }
97 
/*
* Policy key "negotiate_encrypt_then_mac": "true"/"True" or
* "false"/"False" (any other non-empty value makes get_bool throw).
* Absent or empty falls back to the Policy default.
*/
bool Text_Policy::negotiate_encrypt_then_mac() const
   {
   const bool fallback = Policy::negotiate_encrypt_then_mac();
   return get_bool("negotiate_encrypt_then_mac", fallback);
   }
102 
/*
* Policy key "support_cert_status_message": "true"/"True" or
* "false"/"False" (any other non-empty value makes get_bool throw).
* Absent or empty falls back to the Policy default.
*/
bool Text_Policy::support_cert_status_message() const
   {
   const bool fallback = Policy::support_cert_status_message();
   return get_bool("support_cert_status_message", fallback);
   }
107 
namespace {

/*
* Interpret a token that is not a known group name as a numeric group
* code point. std::stoul is called with base 0, so plain decimal,
* 0x-prefixed hex and 0-prefixed octal are all accepted. Returns
* Group_Params::NONE when the token is not entirely numeric or the value
* does not fit in a uint16_t.
*/
Group_Params group_param_from_number(const std::string& token)
   {
   try
      {
      size_t consumed = 0;
      const unsigned long value = std::stoul(token, &consumed, 0);

      // Trailing non-numeric characters: treat the whole token as cruft
      if(consumed != token.size())
         return Group_Params::NONE;

      // Only values representable as a 16-bit code point are usable
      if(value > 0xFFFF)
         return Group_Params::NONE;

      return static_cast<Group_Params>(static_cast<uint16_t>(value));
      }
   catch(...)
      {
      // std::stoul rejected the token (no digits at all, or out of range)
      return Group_Params::NONE;
      }
   }

}

/*
* Policy key "key_exchange_groups" (older configs: "groups"): a
* space-separated list of group names or numeric code points. When
* neither key is set the Policy default is returned.
*
* Tokens that are neither a known name nor a valid number are dropped
* silently rather than rejected, so a misspelled group simply vanishes
* from the list. Numeric code points are converted directly; no further
* validation happens here.
*/
std::vector<Group_Params> Text_Policy::key_exchange_groups() const
   {
   std::string group_str = get_str("key_exchange_groups");

   // Fall back to the key name used by earlier versions of this format
   if(group_str.empty())
      group_str = get_str("groups");

   if(group_str.empty())
      return Policy::key_exchange_groups();

   std::vector<Group_Params> groups;
   for(const std::string& token : split_on(group_str, ' '))
      {
      Group_Params group = group_param_from_string(token);

      if(group == Group_Params::NONE)
         group = group_param_from_number(token);

      if(group != Group_Params::NONE)
         groups.push_back(group);
      }

   return groups;
   }
156 
/*
* Policy key "minimum_ecdh_group_size": parsed as an unsigned 32-bit
* integer by to_u32bit. Absent or empty falls back to the Policy default;
* an explicit "0" is returned as 0.
*/
size_t Text_Policy::minimum_ecdh_group_size() const
   {
   const size_t fallback = Policy::minimum_ecdh_group_size();
   return get_len("minimum_ecdh_group_size", fallback);
   }
161 
/*
* Policy key "minimum_ecdsa_group_size": parsed as an unsigned 32-bit
* integer by to_u32bit. Absent or empty falls back to the Policy default;
* an explicit "0" is returned as 0.
*/
size_t Text_Policy::minimum_ecdsa_group_size() const
   {
   const size_t fallback = Policy::minimum_ecdsa_group_size();
   return get_len("minimum_ecdsa_group_size", fallback);
   }
166 
/*
* Policy key "minimum_dh_group_size": parsed as an unsigned 32-bit
* integer by to_u32bit. Absent or empty falls back to the Policy default;
* an explicit "0" is returned as 0.
*/
size_t Text_Policy::minimum_dh_group_size() const
   {
   const size_t fallback = Policy::minimum_dh_group_size();
   return get_len("minimum_dh_group_size", fallback);
   }
171 
/*
* Policy key "minimum_rsa_bits": parsed as an unsigned 32-bit integer by
* to_u32bit. Absent or empty falls back to the Policy default; an
* explicit "0" is returned as 0.
*/
size_t Text_Policy::minimum_rsa_bits() const
   {
   const size_t fallback = Policy::minimum_rsa_bits();
   return get_len("minimum_rsa_bits", fallback);
   }
176 
/*
* Policy key "minimum_signature_strength": parsed as an unsigned 32-bit
* integer by to_u32bit. Absent or empty falls back to the Policy default;
* an explicit "0" is returned as 0.
*/
size_t Text_Policy::minimum_signature_strength() const
   {
   const size_t fallback = Policy::minimum_signature_strength();
   return get_len("minimum_signature_strength", fallback);
   }
181 
/*
* Policy key "dtls_default_mtu": parsed as an unsigned 32-bit integer by
* to_u32bit. Absent or empty falls back to the Policy default.
*/
size_t Text_Policy::dtls_default_mtu() const
   {
   const size_t fallback = Policy::dtls_default_mtu();
   return get_len("dtls_default_mtu", fallback);
   }
186 
/*
* Policy key "dtls_initial_timeout": parsed as an unsigned 32-bit integer
* by to_u32bit. Absent or empty falls back to the Policy default.
*/
size_t Text_Policy::dtls_initial_timeout() const
   {
   const size_t fallback = Policy::dtls_initial_timeout();
   return get_len("dtls_initial_timeout", fallback);
   }
191 
/*
* Policy key "dtls_maximum_timeout": parsed as an unsigned 32-bit integer
* by to_u32bit. Absent or empty falls back to the Policy default.
*/
size_t Text_Policy::dtls_maximum_timeout() const
   {
   const size_t fallback = Policy::dtls_maximum_timeout();
   return get_len("dtls_maximum_timeout", fallback);
   }
196 
/*
* Policy key "require_cert_revocation_info": "true"/"True" or
* "false"/"False" (any other non-empty value makes get_bool throw).
* Absent or empty falls back to the Policy default.
*/
bool Text_Policy::require_cert_revocation_info() const
   {
   const bool fallback = Policy::require_cert_revocation_info();
   return get_bool("require_cert_revocation_info", fallback);
   }
201 
/*
* Policy key "hide_unknown_users": "true"/"True" or "false"/"False" (any
* other non-empty value makes get_bool throw). Absent or empty falls
* back to the Policy default.
*/
bool Text_Policy::hide_unknown_users() const
   {
   const bool fallback = Policy::hide_unknown_users();
   return get_bool("hide_unknown_users", fallback);
   }
206 
/*
* Policy key "session_ticket_lifetime": parsed as an unsigned 32-bit
* integer by to_u32bit. Absent or empty falls back to the Policy default.
* get_len returns size_t, so the result is narrowed back to the uint32_t
* the Policy interface declares.
*/
uint32_t Text_Policy::session_ticket_lifetime() const
   {
   const size_t fallback = Policy::session_ticket_lifetime();
   const size_t lifetime = get_len("session_ticket_lifetime", fallback);
   return static_cast<uint32_t>(lifetime);
   }
211 
/*
* Policy key "send_fallback_scsv". Unlike the other boolean getters the
* default when the key is absent is false, not the Policy default: the
* Policy decision is only consulted once the key is explicitly "true".
* A non-boolean value makes get_bool throw.
*/
bool Text_Policy::send_fallback_scsv(Protocol_Version version) const
   {
   if(get_bool("send_fallback_scsv", false) == false)
      return false;

   return Policy::send_fallback_scsv(version);
   }
216 
/*
* Policy key "srtp_profiles": a space-separated list of numeric profile
* identifiers, each converted with to_uint16. Unlike most getters there
* is no Policy fallback: an absent or empty key yields an empty list.
*/
std::vector<uint16_t> Text_Policy::srtp_profiles() const
   {
   const std::vector<std::string> names =
      get_list("srtp_profiles", std::vector<std::string>());

   std::vector<uint16_t> profiles;
   profiles.reserve(names.size());

   for(const std::string& name : names)
      profiles.push_back(to_uint16(name));

   return profiles;
   }
226 
/*
* Store v under key k, unconditionally replacing any existing value
* (contrast set_value, which can refuse to overwrite).
*/
void Text_Policy::set(const std::string& k, const std::string& v)
   {
   m_kv[k] = v;
   }
231 
/*
* Build the policy from an in-memory configuration text; the string is
* wrapped in a stream and handed to read_cfg, which produces the
* key/value map.
*/
Text_Policy::Text_Policy(const std::string& s)
   {
   std::istringstream cfg_stream(s);
   m_kv = read_cfg(cfg_stream);
   }
237 
/*
* Build the policy by reading the configuration text from a stream;
* read_cfg consumes the stream and produces the key/value map.
*/
Text_Policy::Text_Policy(std::istream& in) :
   m_kv(read_cfg(in))
   {
   }
240 
/*
* Look up key and split its value on single spaces. An absent or empty
* value returns def unchanged (copied).
*/
std::vector<std::string>
Text_Policy::get_list(const std::string& key,
                      const std::vector<std::string>& def) const
   {
   const std::string raw = get_str(key);

   if(!raw.empty())
      return split_on(raw, ' ');

   return def;
   }
254 
/*
* Look up key and parse its value with to_u32bit (so the usable range is
* that of a uint32_t even though size_t is returned). Only an absent or
* empty value selects def; an explicit "0" is returned as 0.
*/
size_t Text_Policy::get_len(const std::string& key, size_t def) const
   {
   const std::string raw = get_str(key);
   return raw.empty() ? def : to_u32bit(raw);
   }
266 
/*
* Look up key and interpret its value as a boolean. Exactly "true"/"True"
* and "false"/"False" are accepted; the strictness is deliberate, so a
* misspelled or unexpected value ("yes", "1", "TRUE", ...) raises an
* Exception instead of silently selecting some default. An absent or
* empty value returns def.
*/
bool Text_Policy::get_bool(const std::string& key, bool def) const
   {
   const std::string raw = get_str(key);

   if(raw.empty())
      return def;

   if(raw == "true" || raw == "True")
      return true;

   if(raw == "false" || raw == "False")
      return false;

   throw Exception("Invalid boolean '" + raw + "'");
   }
289 
/*
* Return the raw value stored under key, or def when the key is not
* present (the declaration defaults def to ""). A key that is present
* with an empty value returns that empty string, not def.
*/
std::string Text_Policy::get_str(const std::string& key, const std::string& def) const
   {
   const auto entry = m_kv.find(key);
   return (entry == m_kv.end()) ? def : entry->second;
   }
300 
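/*
* Store val under key. With overwrite == false an existing key is left
* untouched and false is returned; otherwise the value is stored,
* replacing any existing one, and true is returned.
*/
bool Text_Policy::set_value(const std::string& key, const std::string& val, bool overwrite)
   {
   auto i = m_kv.find(key);

   if(i != m_kv.end())
      {
      if(overwrite == false)
         return false;

      // std::map::insert never replaces an element that is already
      // present, so an overwrite has to be an explicit assignment;
      // otherwise the call reports success while the old value stays.
      i->second = val;
      return true;
      }

   m_kv.insert(i, std::make_pair(key, val));
   return true;
   }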
311 
312 }
313 
314 }