Botan  1.10.9
tls_policy.cpp
Go to the documentation of this file.
1 /*
2 * Policies for TLS
3 * (C) 2004-2010 Jack Lloyd
4 *
5 * Released under the terms of the Botan license
6 */
7 
8 #include <botan/tls_policy.h>
9 #include <botan/tls_exceptn.h>
10 
11 namespace Botan {
12 
13 /*
14 * Return allowed ciphersuites
15 */
16 std::vector<u16bit> TLS_Policy::ciphersuites() const
17  {
18  return suite_list(allow_static_rsa(), allow_edh_rsa(), allow_edh_dsa());
19  }
20 
21 /*
22 * Return allowed ciphersuites
23 */
24 std::vector<u16bit> TLS_Policy::suite_list(bool use_rsa,
25  bool use_edh_rsa,
26  bool use_edh_dsa) const
27  {
28  std::vector<u16bit> suites;
29 
30  if(use_edh_dsa)
31  {
32  suites.push_back(TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
33  suites.push_back(TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
34  suites.push_back(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
35  suites.push_back(TLS_DHE_DSS_WITH_SEED_CBC_SHA);
36  }
37 
38  if(use_edh_rsa)
39  {
40  suites.push_back(TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
41  suites.push_back(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
42  suites.push_back(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
43  suites.push_back(TLS_DHE_RSA_WITH_SEED_CBC_SHA);
44  }
45 
46  if(use_rsa)
47  {
48  suites.push_back(TLS_RSA_WITH_AES_256_CBC_SHA);
49  suites.push_back(TLS_RSA_WITH_AES_128_CBC_SHA);
50  suites.push_back(TLS_RSA_WITH_3DES_EDE_CBC_SHA);
51  suites.push_back(TLS_RSA_WITH_SEED_CBC_SHA);
52  suites.push_back(TLS_RSA_WITH_RC4_128_SHA);
53  suites.push_back(TLS_RSA_WITH_RC4_128_MD5);
54  }
55 
56  if(suites.size() == 0)
57  throw TLS_Exception(INTERNAL_ERROR,
58  "TLS_Policy error: All ciphersuites disabled");
59 
60  suites.push_back(TLS_NO_RENEGOTIATION_SCSV);
61 
62  return suites;
63  }
64 
65 /*
66 * Return allowed compression algorithms
67 */
68 std::vector<byte> TLS_Policy::compression() const
69  {
70  std::vector<byte> algs;
71  algs.push_back(NO_COMPRESSION);
72  return algs;
73  }
74 
75 /*
76 * Choose which ciphersuite to use
77 */
78 u16bit TLS_Policy::choose_suite(const std::vector<u16bit>& c_suites,
79  bool have_rsa,
80  bool have_dsa) const
81  {
82  bool use_static_rsa = allow_static_rsa() && have_rsa;
83  bool use_edh_rsa = allow_edh_rsa() && have_rsa;
84  bool use_edh_dsa = allow_edh_dsa() && have_dsa;
85 
86  std::vector<u16bit> s_suites = suite_list(use_static_rsa, use_edh_rsa,
87  use_edh_dsa);
88 
89  for(size_t i = 0; i != s_suites.size(); ++i)
90  for(size_t j = 0; j != c_suites.size(); ++j)
91  if(s_suites[i] == c_suites[j])
92  return s_suites[i];
93 
94  return 0;
95  }
96 
97 /*
98 * Choose which compression algorithm to use
99 */
100 byte TLS_Policy::choose_compression(const std::vector<byte>& c_comp) const
101  {
102  std::vector<byte> s_comp = compression();
103 
104  for(size_t i = 0; i != s_comp.size(); ++i)
105  for(size_t j = 0; j != c_comp.size(); ++j)
106  if(s_comp[i] == c_comp[j])
107  return s_comp[i];
108 
109  return NO_COMPRESSION;
110  }
111 
112 /*
113 * Return the group to use for empheral DH
114 */
116  {
117  return DL_Group("modp/ietf/1024");
118  }
119 
120 }
virtual byte choose_compression(const std::vector< byte > &client) const
Definition: tls_policy.cpp:100
virtual u16bit choose_suite(const std::vector< u16bit > &client_suites, bool rsa_ok, bool dsa_ok) const
Definition: tls_policy.cpp:78
virtual bool allow_edh_rsa() const
Definition: tls_policy.h:35
virtual DL_Group dh_group() const
Definition: tls_policy.cpp:115
virtual bool allow_edh_dsa() const
Definition: tls_policy.h:36
std::vector< u16bit > ciphersuites() const
Definition: tls_policy.cpp:16
unsigned char byte
Definition: types.h:22
virtual std::vector< byte > compression() const
Definition: tls_policy.cpp:68
unsigned short u16bit
Definition: types.h:27
virtual bool allow_static_rsa() const
Definition: tls_policy.h:34