Botan  1.11.15
Botan::TLS::Policy Class Reference

#include <tls_policy.h>

Inheritance diagram for Botan::TLS::Policy:
Botan::TLS::Datagram_Policy, Botan::TLS::NSA_Suite_B_128, Botan::TLS::Strict_Policy, Botan::TLS::Text_Policy


Public Member Functions

virtual bool acceptable_ciphersuite (const Ciphersuite &suite) const
virtual bool acceptable_protocol_version (Protocol_Version version) const
virtual bool allow_insecure_renegotiation () const
virtual bool allow_server_initiated_renegotiation () const
virtual std::vector< std::string > allowed_ciphers () const
virtual std::vector< std::string > allowed_ecc_curves () const
virtual std::vector< std::string > allowed_key_exchange_methods () const
virtual std::vector< std::string > allowed_macs () const
virtual std::vector< std::string > allowed_signature_hashes () const
virtual std::vector< std::string > allowed_signature_methods () const
virtual std::string choose_curve (const std::vector< std::string > &curve_names) const
virtual std::vector< u16bit > ciphersuite_list (Protocol_Version version, bool have_srp) const
virtual std::vector< byte > compression () const
virtual std::string dh_group () const
virtual bool hide_unknown_users () const
virtual bool include_time_in_hello_random () const
virtual Protocol_Version latest_supported_version (bool datagram) const
virtual size_t minimum_dh_group_size () const
virtual bool negotiate_heartbeat_support () const
virtual void print (std::ostream &o) const
virtual bool send_fallback_scsv (Protocol_Version version) const
virtual bool server_uses_own_ciphersuite_preferences () const
virtual u32bit session_ticket_lifetime () const
virtual std::vector< u16bit > srtp_profiles () const
virtual ~Policy ()

Detailed Description

TLS Policy Base Class. Inherit and overload as desired to suit local policy concerns.

Definition at line 25 of file tls_policy.h.


Constructor & Destructor Documentation

virtual Botan::TLS::Policy::~Policy ( ) [inline, virtual]

Definition at line 178 of file tls_policy.h.

{}

Member Function Documentation

bool Botan::TLS::Policy::acceptable_ciphersuite ( const Ciphersuite &  suite) const [virtual]

Allows a policy to reject any ciphersuites which are undesirable for whatever reason, without having to reimplement ciphersuite_list.

Definition at line 166 of file tls_policy.cpp.

Referenced by ciphersuite_list().

   {
   return true;
   }
bool Botan::TLS::Policy::acceptable_protocol_version ( Protocol_Version  version) const [virtual]

Returns:
true if and only if we are willing to accept this version. Default accepts TLS v1.0 and later or DTLS v1.2 or later.

Reimplemented in Botan::TLS::Strict_Policy, Botan::TLS::Datagram_Policy, and Botan::TLS::NSA_Suite_B_128.

Definition at line 150 of file tls_policy.cpp.

References Botan::TLS::Protocol_Version::DTLS_V12, Botan::TLS::Protocol_Version::is_datagram_protocol(), and Botan::TLS::Protocol_Version::TLS_V10.

Referenced by Botan::TLS::Client_Hello::Client_Hello().

   {
   if(version.is_datagram_protocol())
      return (version >= Protocol_Version::DTLS_V12);
   else
      return (version >= Protocol_Version::TLS_V10);
   }

bool Botan::TLS::Policy::allow_insecure_renegotiation ( ) const [virtual]

Allow renegotiation even if the counterparty doesn't support the secure renegotiation extension.

Warning:
Changing this to true exposes you to injected plaintext attacks. Read RFC 5746 for background.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 173 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allow_insecure_renegotiation(), and print().

{ return false; }

bool Botan::TLS::Policy::allow_server_initiated_renegotiation ( ) const [virtual]

Allow servers to initiate a new handshake.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 172 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allow_server_initiated_renegotiation(), and print().

{ return false; }
std::vector< std::string > Botan::TLS::Policy::allowed_ciphers ( ) const [virtual]

Returns a list of ciphers we are willing to negotiate, in order of preference.

Reimplemented in Botan::TLS::Text_Policy, Botan::TLS::Strict_Policy, and Botan::TLS::NSA_Suite_B_128.

Definition at line 18 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allowed_ciphers(), ciphersuite_list(), and print().

   {
   return {
      //"AES-256/OCB(12)",
      //"AES-128/OCB(12)",
      "ChaCha20Poly1305",
      "AES-256/GCM",
      "AES-128/GCM",
      "AES-256/CCM",
      "AES-128/CCM",
      "AES-256/CCM(8)",
      "AES-128/CCM(8)",
      //"Camellia-256/GCM",
      //"Camellia-128/GCM",
      "AES-256",
      "AES-128",
      //"Camellia-256",
      //"Camellia-128",
      //"SEED"
      //"3DES",
      //"RC4",
      };
   }
std::vector< std::string > Botan::TLS::Policy::allowed_ecc_curves ( ) const [virtual]

Return list of ECC curves we are willing to use in order of preference

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::NSA_Suite_B_128.

Definition at line 88 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allowed_ecc_curves(), choose_curve(), Botan::TLS::Client_Hello::Client_Hello(), and print().

   {
   return {
      "brainpool512r1",
      "secp521r1",
      "brainpool384r1",
      "secp384r1",
      "brainpool256r1",
      "secp256r1",
      //"secp256k1",
      //"secp224r1",
      //"secp224k1",
      //"secp192r1",
      //"secp192k1",
      //"secp160r2",
      //"secp160r1",
      //"secp160k1",
      };
   }
std::vector< std::string > Botan::TLS::Policy::allowed_key_exchange_methods ( ) const [virtual]

Returns a list of key exchange algorithms we are willing to use, in order of preference. Allowed values: DH, empty string (representing RSA using server certificate key)

Reimplemented in Botan::TLS::Text_Policy, Botan::TLS::Strict_Policy, and Botan::TLS::NSA_Suite_B_128.

Definition at line 65 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allowed_key_exchange_methods(), ciphersuite_list(), and print().

   {
   return {
      "SRP_SHA",
      //"ECDHE_PSK",
      //"DHE_PSK",
      //"PSK",
      "ECDH",
      "DH",
      "RSA",
      };
   }
std::vector< std::string > Botan::TLS::Policy::allowed_macs ( ) const [virtual]

Returns a list of MAC algorithms we are willing to use.

Reimplemented in Botan::TLS::Text_Policy, Botan::TLS::Strict_Policy, Botan::TLS::Datagram_Policy, and Botan::TLS::NSA_Suite_B_128.

Definition at line 54 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allowed_macs(), ciphersuite_list(), and print().

   {
   return {
      "AEAD",
      "SHA-384",
      "SHA-256",
      "SHA-1",
      //"MD5",
      };
   }
std::vector< std::string > Botan::TLS::Policy::allowed_signature_hashes ( ) const [virtual]

Returns a list of hash algorithms we are willing to use for signatures, in order of preference.

Reimplemented in Botan::TLS::Text_Policy, Botan::TLS::Strict_Policy, and Botan::TLS::NSA_Suite_B_128.

Definition at line 42 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allowed_signature_hashes(), Botan::TLS::Client_Hello::Client_Hello(), and print().

   {
   return {
      "SHA-512",
      "SHA-384",
      "SHA-256",
      "SHA-224",
      //"SHA-1",
      //"MD5",
      };
   }
std::vector< std::string > Botan::TLS::Policy::allowed_signature_methods ( ) const [virtual]

Returns a list of signature algorithms we are willing to use, in order of preference. Allowed values RSA and DSA.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::NSA_Suite_B_128.

Definition at line 78 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allowed_signature_methods(), ciphersuite_list(), Botan::TLS::Client_Hello::Client_Hello(), and print().

   {
   return {
      "ECDSA",
      "RSA",
      "DSA",
      //""
      };
   }
std::string Botan::TLS::Policy::choose_curve ( const std::vector< std::string > &  curve_names) const [virtual]

Choose an elliptic curve to use

Definition at line 111 of file tls_policy.cpp.

References allowed_ecc_curves(), and Botan::value_exists().

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

   {
   const std::vector<std::string> our_curves = allowed_ecc_curves();

   for(size_t i = 0; i != our_curves.size(); ++i)
      if(value_exists(curve_names, our_curves[i]))
         return our_curves[i];

   return ""; // no shared curve
   }
std::vector< u16bit > Botan::TLS::Policy::ciphersuite_list ( Protocol_Version  version,
bool  have_srp 
) const [virtual]

Return allowed ciphersuites, in order of preference

Definition at line 256 of file tls_policy.cpp.

References acceptable_ciphersuite(), Botan::TLS::Ciphersuite::all_known_ciphersuites(), allowed_ciphers(), allowed_key_exchange_methods(), allowed_macs(), allowed_signature_methods(), Botan::TLS::Protocol_Version::is_datagram_protocol(), order, Botan::TLS::Protocol_Version::supports_aead_modes(), and Botan::value_exists().

   {
   const std::vector<std::string> ciphers = allowed_ciphers();
   const std::vector<std::string> macs = allowed_macs();
   const std::vector<std::string> kex = allowed_key_exchange_methods();
   const std::vector<std::string> sigs = allowed_signature_methods();

   Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs);

   std::set<Ciphersuite, Ciphersuite_Preference_Ordering> ciphersuites(order);

   for(auto&& suite : Ciphersuite::all_known_ciphersuites())
      {
      if(!acceptable_ciphersuite(suite))
         continue;

      if(!have_srp && suite.kex_algo() == "SRP_SHA")
         continue;

      if(version.is_datagram_protocol() && suite.cipher_algo() == "RC4")
         continue;

      if(!version.supports_aead_modes() && suite.mac_algo() == "AEAD")
         continue;

      if(!value_exists(kex, suite.kex_algo()))
         continue; // unsupported key exchange

      if(!value_exists(ciphers, suite.cipher_algo()))
         continue; // unsupported cipher

      if(!value_exists(macs, suite.mac_algo()))
         continue; // unsupported MAC algo

      if(!value_exists(sigs, suite.sig_algo()))
         {
         // allow if it's an empty sig algo and we want to use PSK
         if(suite.sig_algo() != "" || !suite.psk_ciphersuite())
            continue;
         }

      // OK, allow it:
      ciphersuites.insert(suite);
      }

   if(ciphersuites.empty())
      throw std::logic_error("Policy does not allow any available cipher suite");

   std::vector<u16bit> ciphersuite_codes;
   for(auto i : ciphersuites)
      ciphersuite_codes.push_back(i.ciphersuite_code());
   return ciphersuite_codes;
   }
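
An added, self-contained model of the membership checks in ciphersuite_list() above (not Botan's code and not part of the original reference), showing how overriding the MAC and key-exchange lists in a subclass narrows what is offered. `Suite`, `ModelPolicy`, `AeadOnlyPolicy` and the sample suite table are constructed stand-ins; the SRP, DTLS/RC4 and AEAD-version checks and the preference ordering are omitted.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

using Names = std::vector<std::string>;
// Constructed stand-in for Botan::TLS::Ciphersuite (not the library type).
struct Suite { std::string name, kex, sig, cipher, mac; bool psk; };
static bool has(const Names& v, const std::string& s)
   { return std::find(v.begin(), v.end(), s) != v.end(); }

// Model of the base class; the lists are the defaults shown on this page.
struct ModelPolicy {
   virtual ~ModelPolicy() = default;
   virtual Names ciphers() const { return {"ChaCha20Poly1305", "AES-256/GCM",
      "AES-128/GCM", "AES-256/CCM", "AES-128/CCM", "AES-256/CCM(8)",
      "AES-128/CCM(8)", "AES-256", "AES-128"}; }
   virtual Names macs() const { return {"AEAD", "SHA-384", "SHA-256", "SHA-1"}; }
   virtual Names kex() const { return {"SRP_SHA", "ECDH", "DH", "RSA"}; }
   virtual Names sigs() const { return {"ECDSA", "RSA", "DSA"}; }
   // Same membership checks as ciphersuite_list(); preference ordering omitted.
   Names accepted(const std::vector<Suite>& known) const {
      Names out;
      for(const Suite& s : known) {
         if(!has(kex(), s.kex) || !has(ciphers(), s.cipher) || !has(macs(), s.mac))
            continue;
         // an empty signature algorithm is tolerated only for PSK suites
         if(!has(sigs(), s.sig) && (s.sig != "" || !s.psk))
            continue;
         out.push_back(s.name);
      }
      return out;
   }
};
// Hypothetical hardened override: no static-RSA key exchange, AEAD records only.
struct AeadOnlyPolicy : ModelPolicy {
   Names macs() const override { return {"AEAD"}; }
   Names kex() const override { return {"ECDH", "DH"}; }
};
// Constructed sample suites (name, kex, sig, cipher, mac, psk).
static const std::vector<Suite> SAMPLE = {
   {"ECDHE_RSA_AES128_GCM", "ECDH", "RSA", "AES-128/GCM", "AEAD", false},
   {"DHE_RSA_AES128_CBC_SHA", "DH", "RSA", "AES-128", "SHA-1", false},
   {"RSA_AES128_CBC_SHA", "RSA", "RSA", "AES-128", "SHA-1", false},
   {"RSA_RC4_128_SHA", "RSA", "RSA", "RC4", "SHA-1", false},
   {"PSK_AES128_CBC_SHA", "PSK", "", "AES-128", "SHA-1", true} };
int main() {
   for(const auto& n : AeadOnlyPolicy().accepted(SAMPLE)) std::cout << n << '\n';
}
```

With the page's default lists, the CBC/SHA-1 suites using DH and RSA key exchange are still accepted; only the override removes them.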
std::vector< byte > Botan::TLS::Policy::compression ( ) const [virtual]

Returns a list of compression algorithms we are willing to use, in order of preference. Allowed values: any value of Compression_Method.

Note:
Compression is not currently supported

Definition at line 135 of file tls_policy.cpp.

References Botan::TLS::NO_COMPRESSION.

   {
   return std::vector<byte>{ NO_COMPRESSION };
   }
std::string Botan::TLS::Policy::dh_group ( ) const [virtual]

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 122 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::dh_group(), print(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

   {
   return "modp/ietf/2048";
   }
bool Botan::TLS::Policy::hide_unknown_users ( ) const [virtual]

If this function returns false, unknown SRP/PSK identifiers will be rejected with an unknown_psk_identifier alert as soon as the non-existence is identified. Otherwise, a false identifier value will be used and the protocol allowed to proceed, causing the handshake to eventually fail without revealing that the username does not exist on this system.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 175 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Text_Policy::hide_unknown_users(), print(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

{ return false; }

bool Botan::TLS::Policy::include_time_in_hello_random ( ) const [virtual]

The protocol dictates that the first 32 bits of the random field are the current time in seconds. However, this allows client fingerprinting attacks. Set to false to disable, in which case random bytes will be used instead.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 174 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::include_time_in_hello_random(), Botan::TLS::make_hello_random(), and print().

{ return true; }

Protocol_Version Botan::TLS::Policy::latest_supported_version ( bool  datagram) const [virtual]

Returns the most recent protocol version we are willing to use, for either TLS or DTLS depending on the datagram parameter. You should not need to override this unless you want to allow a user to disable use of TLS v1.2 (which is *not recommended*).

Definition at line 158 of file tls_policy.cpp.

References Botan::TLS::Protocol_Version::latest_dtls_version(), and Botan::TLS::Protocol_Version::latest_tls_version().

Referenced by send_fallback_scsv().

size_t Botan::TLS::Policy::minimum_dh_group_size ( ) const [virtual]

Return the minimum DH group size we're willing to use

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 127 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Text_Policy::minimum_dh_group_size(), and print().

   {
   return 1024;
   }

bool Botan::TLS::Policy::negotiate_heartbeat_support ( ) const [virtual]

Attempt to negotiate the use of the heartbeat extension.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 171 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), Botan::TLS::Text_Policy::negotiate_heartbeat_support(), print(), and Botan::TLS::Server_Hello::Server_Hello().

{ return false; }
void Botan::TLS::Policy::print ( std::ostream &  o) const [virtual]

Definition at line 335 of file tls_policy.cpp.

References allow_insecure_renegotiation(), allow_server_initiated_renegotiation(), allowed_ciphers(), allowed_ecc_curves(), allowed_key_exchange_methods(), allowed_macs(), allowed_signature_hashes(), allowed_signature_methods(), dh_group(), hide_unknown_users(), include_time_in_hello_random(), minimum_dh_group_size(), negotiate_heartbeat_support(), server_uses_own_ciphersuite_preferences(), and session_ticket_lifetime().

   {
   print_vec(o, "ciphers", allowed_ciphers());
   print_vec(o, "macs", allowed_macs());
   print_vec(o, "signature_hashes", allowed_signature_hashes());
   print_vec(o, "signature_methods", allowed_signature_methods());
   print_vec(o, "key_exchange_methods", allowed_key_exchange_methods());
   print_vec(o, "ecc_curves", allowed_ecc_curves());

   print_bool(o, "negotiate_heartbeat_support", negotiate_heartbeat_support());
   print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation());
   print_bool(o, "include_time_in_hello_random", include_time_in_hello_random());
   print_bool(o, "allow_server_initiated_renegotiation", allow_server_initiated_renegotiation());
   print_bool(o, "hide_unknown_users", hide_unknown_users());
   print_bool(o, "server_uses_own_ciphersuite_preferences", server_uses_own_ciphersuite_preferences());
   o << "session_ticket_lifetime = " << session_ticket_lifetime() << '\n';
   o << "dh_group = " << dh_group() << '\n';
   o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n';
   }
bool Botan::TLS::Policy::send_fallback_scsv ( Protocol_Version  version) const [virtual]

When offering this version, should we send a fallback SCSV? The default returns true iff version is not the latest version the policy allows; the function exists to allow an override in case of interop problems.

Definition at line 145 of file tls_policy.cpp.

References Botan::TLS::Protocol_Version::is_datagram_protocol(), and latest_supported_version().

Referenced by Botan::TLS::Client_Hello::Client_Hello().

   {
   return version != latest_supported_version(version.is_datagram_protocol());
   }
bool Botan::TLS::Policy::server_uses_own_ciphersuite_preferences ( ) const [virtual]

Returns:
true if servers should choose the ciphersuite matching their highest preference, rather than the client's. Has no effect on client side.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 176 of file tls_policy.cpp.

Referenced by print(), and Botan::TLS::Text_Policy::server_uses_own_ciphersuite_preferences().

{ return true; }

u32bit Botan::TLS::Policy::session_ticket_lifetime ( ) const [virtual]

Return the allowed lifetime of a session ticket. If 0, session tickets do not expire until the session ticket key rolls over. Expired session tickets cannot be used to resume a session.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 140 of file tls_policy.cpp.

Referenced by print(), and Botan::TLS::Text_Policy::session_ticket_lifetime().

   {
   return 86400; // ~1 day
   }
std::vector< u16bit > Botan::TLS::Policy::srtp_profiles ( ) const [virtual]

If this returns a non-empty vector, and DTLS is negotiated, then we will also attempt to negotiate the SRTP extension from RFC 5764 using the returned values as the profile ids.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 178 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), and Botan::TLS::Server_Hello::Server_Hello().

   {
   return std::vector<u16bit>();
   }

The documentation for this class was generated from the following files: