author | Jack Lloyd <[email protected]> | 2017-09-21 16:51:12 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-09-21 16:51:12 -0400 |
commit | 24cab1372a723c68153fd58d30776e238278ccf9 (patch) | |
tree | 274f4a62a501c1f32aff64fa69c961918f084f6f /src/lib/tls | |
parent | 5cd468130eb73635daf598292523df787904a47d (diff) |
De-inline TLS::Text_Policy
Getting a little large to be all defined in a header, and sticking
it in a source file allows removing several includes from tls_policy.h
Diffstat (limited to 'src/lib/tls')
-rw-r--r-- | src/lib/tls/tls_handshake_state.cpp | 1 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 2 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.h | 164 | ||||
-rw-r--r-- | src/lib/tls/tls_text_policy.cpp | 257 |
4 files changed, 302 insertions, 122 deletions
diff --git a/src/lib/tls/tls_handshake_state.cpp b/src/lib/tls/tls_handshake_state.cpp index d995802ed..9262650e8 100644 --- a/src/lib/tls/tls_handshake_state.cpp +++ b/src/lib/tls/tls_handshake_state.cpp @@ -10,6 +10,7 @@ #include <botan/tls_messages.h> #include <botan/tls_callbacks.h> #include <botan/kdf.h> +#include <sstream> namespace Botan { diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 863958eaa..05a5b8b83 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -11,6 +11,8 @@ #include <botan/tls_magic.h> #include <botan/tls_exceptn.h> #include <botan/internal/stl_util.h> +#include <botan/pk_keys.h> +#include <sstream> namespace Botan { diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index ef31dacbe..7e55f4eca 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -10,13 +10,13 @@ #include <botan/tls_version.h> #include <botan/tls_ciphersuite.h> -#include <botan/x509cert.h> -#include <botan/parsing.h> #include <vector> -#include <sstream> +#include <map> namespace Botan { +class Public_Key; + namespace TLS { /** 
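Review bot: The tls_policy.h hunk drops `<sstream>`, yet the `Text_Policy(std::istream& in)` constructor declared further down in the same header still needs `std::istream` to be at least forward-declared; unless one of the remaining includes (`tls_version.h`, `tls_ciphersuite.h`, `<vector>`, `<map>`) brings it in transitively, the header is no longer self-contained. Adding `#include <iosfwd>` next to the new `<map>` line is the cheap, intent-revealing fix and fits the stated goal of trimming includes. The `class Public_Key;` forward declaration has the same constraint: this header may only refer to `Public_Key` by reference or pointer, which looks to be the case given that `pk_keys.h` is now included from tls_policy.cpp instead.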
@@ -439,165 +439,85 @@ class BOTAN_PUBLIC_API(2,0) Text_Policy : public Policy { public: - std::vector<std::string> allowed_ciphers() const override - { return get_list("ciphers", Policy::allowed_ciphers()); } + std::vector<std::string> allowed_ciphers() const override; - std::vector<std::string> allowed_signature_hashes() const override - { return get_list("signature_hashes", Policy::allowed_signature_hashes()); } + std::vector<std::string> allowed_signature_hashes() const override; - std::vector<std::string> allowed_macs() const override - { return get_list("macs", Policy::allowed_macs()); } + std::vector<std::string> allowed_macs() const override; - std::vector<std::string> allowed_key_exchange_methods() const override - { return get_list("key_exchange_methods", Policy::allowed_key_exchange_methods()); } + std::vector<std::string> allowed_key_exchange_methods() const override; - std::vector<std::string> allowed_signature_methods() const override - { return get_list("signature_methods", Policy::allowed_signature_methods()); } + std::vector<std::string> allowed_signature_methods() const override; - std::vector<std::string> allowed_ecc_curves() const override - { return get_list("ecc_curves", Policy::allowed_ecc_curves()); } + std::vector<std::string> allowed_ecc_curves() const override; - bool use_ecc_point_compression() const override - { return get_bool("use_ecc_point_compression", Policy::use_ecc_point_compression()); } + bool use_ecc_point_compression() const override; - bool allow_tls10() const override - { return get_bool("allow_tls10", Policy::allow_tls10()); } + bool allow_tls10() const override; - bool allow_tls11() const override - { return get_bool("allow_tls11", Policy::allow_tls11()); } + bool allow_tls11() const override; - bool allow_tls12() const override - { return get_bool("allow_tls12", Policy::allow_tls12()); } + bool allow_tls12() const override; - bool allow_dtls10() const override - { return get_bool("allow_dtls10", Policy::allow_dtls10()); 
} + bool allow_dtls10() const override; - bool allow_dtls12() const override - { return get_bool("allow_dtls12", Policy::allow_dtls12()); } + bool allow_dtls12() const override; - bool allow_insecure_renegotiation() const override - { return get_bool("allow_insecure_renegotiation", Policy::allow_insecure_renegotiation()); } + bool allow_insecure_renegotiation() const override; - bool include_time_in_hello_random() const override - { return get_bool("include_time_in_hello_random", Policy::include_time_in_hello_random()); } + bool include_time_in_hello_random() const override; - bool allow_client_initiated_renegotiation() const override - { return get_bool("allow_client_initiated_renegotiation", Policy::allow_client_initiated_renegotiation()); } - bool allow_server_initiated_renegotiation() const override - { return get_bool("allow_server_initiated_renegotiation", Policy::allow_server_initiated_renegotiation()); } + bool allow_client_initiated_renegotiation() const override; + bool allow_server_initiated_renegotiation() const override; - bool server_uses_own_ciphersuite_preferences() const override - { return get_bool("server_uses_own_ciphersuite_preferences", Policy::server_uses_own_ciphersuite_preferences()); } + bool server_uses_own_ciphersuite_preferences() const override; - bool negotiate_encrypt_then_mac() const override - { return get_bool("negotiate_encrypt_then_mac", Policy::negotiate_encrypt_then_mac()); } + bool negotiate_encrypt_then_mac() const override; - std::string dh_group() const override - { return get_str("dh_group", Policy::dh_group()); } + std::string dh_group() const override; - size_t minimum_ecdh_group_size() const override - { return get_len("minimum_ecdh_group_size", Policy::minimum_ecdh_group_size()); } + size_t minimum_ecdh_group_size() const override; - size_t minimum_ecdsa_group_size() const override - { return get_len("minimum_ecdsa_group_size", Policy::minimum_ecdsa_group_size()); } + size_t minimum_ecdsa_group_size() const override; 
- size_t minimum_dh_group_size() const override - { return get_len("minimum_dh_group_size", Policy::minimum_dh_group_size()); } + size_t minimum_dh_group_size() const override; - size_t minimum_rsa_bits() const override - { return get_len("minimum_rsa_bits", Policy::minimum_rsa_bits()); } + size_t minimum_rsa_bits() const override; - size_t minimum_signature_strength() const override - { return get_len("minimum_signature_strength", Policy::minimum_signature_strength()); } + size_t minimum_signature_strength() const override; - size_t dtls_default_mtu() const override - { return get_len("dtls_default_mtu", Policy::dtls_default_mtu()); } + size_t dtls_default_mtu() const override; - size_t dtls_initial_timeout() const override - { return get_len("dtls_initial_timeout", Policy::dtls_initial_timeout()); } + size_t dtls_initial_timeout() const override; - size_t dtls_maximum_timeout() const override - { return get_len("dtls_maximum_timeout", Policy::dtls_maximum_timeout()); } + size_t dtls_maximum_timeout() const override; - bool require_cert_revocation_info() const override - { return get_bool("require_cert_revocation_info", Policy::require_cert_revocation_info()); } + bool require_cert_revocation_info() const override; - bool hide_unknown_users() const override - { return get_bool("hide_unknown_users", Policy::hide_unknown_users()); } + bool hide_unknown_users() const override; - uint32_t session_ticket_lifetime() const override - { return static_cast<uint32_t>(get_len("session_ticket_lifetime", Policy::session_ticket_lifetime())); } + uint32_t session_ticket_lifetime() const override; - bool send_fallback_scsv(Protocol_Version version) const override - { return get_bool("send_fallback_scsv", false) ? 
Policy::send_fallback_scsv(version) : false; } + bool send_fallback_scsv(Protocol_Version version) const override; - std::vector<uint16_t> srtp_profiles() const override - { - std::vector<uint16_t> r; - for(std::string p : get_list("srtp_profiles", std::vector<std::string>())) - { - r.push_back(to_uint16(p)); - } - return r; - } + std::vector<uint16_t> srtp_profiles() const override; - void set(const std::string& k, const std::string& v) { m_kv[k] = v; } + void set(const std::string& k, const std::string& v); - explicit Text_Policy(const std::string& s) - { - std::istringstream iss(s); - m_kv = read_cfg(iss); - } + explicit Text_Policy(const std::string& s); - explicit Text_Policy(std::istream& in) : m_kv(read_cfg(in)) - {} + explicit Text_Policy(std::istream& in); protected: std::vector<std::string> get_list(const std::string& key, - const std::vector<std::string>& def) const - { - const std::string v = get_str(key); - - if(v.empty()) - return def; - - return split_on(v, ' '); - } - - size_t get_len(const std::string& key, size_t def) const - { - const std::string v = get_str(key); - - if(v.empty()) - return def; + const std::vector<std::string>& def) const; - return to_u32bit(v); - } - - bool get_bool(const std::string& key, bool def) const - { - const std::string v = get_str(key); - - if(v.empty()) - return def; + size_t get_len(const std::string& key, size_t def) const; - if(v == "true" || v == "True") - return true; - else if(v == "false" || v == "False") - return false; - else - throw Exception("Invalid boolean '" + v + "'"); - } - - std::string get_str(const std::string& key, const std::string& def = "") const - { - auto i = m_kv.find(key); - if(i == m_kv.end()) - return def; + bool get_bool(const std::string& key, bool def) const; - return i->second; - } + std::string get_str(const std::string& key, const std::string& def = "") const; std::map<std::string, std::string> m_kv; }; 
diff --git a/src/lib/tls/tls_text_policy.cpp b/src/lib/tls/tls_text_policy.cpp new file mode 100644 index 000000000..6b3b5af1d --- /dev/null +++ b/src/lib/tls/tls_text_policy.cpp 
@@ -0,0 +1,257 @@ +/* +* Text-Based TLS Policy +* (C) 2016,2017 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include <botan/tls_policy.h> +#include <botan/exceptn.h> +#include <botan/parsing.h> +#include <sstream> + +namespace Botan { + +namespace TLS { + +std::vector<std::string> Text_Policy::allowed_ciphers() const + { + return get_list("ciphers", Policy::allowed_ciphers()); + } + +std::vector<std::string> Text_Policy::allowed_signature_hashes() const + { + return get_list("signature_hashes", Policy::allowed_signature_hashes()); + } + +std::vector<std::string> Text_Policy::allowed_macs() const + { + return get_list("macs", Policy::allowed_macs()); + } + +std::vector<std::string> Text_Policy::allowed_key_exchange_methods() const + { + return get_list("key_exchange_methods", Policy::allowed_key_exchange_methods()); + } + +std::vector<std::string> Text_Policy::allowed_signature_methods() const + { + return get_list("signature_methods", Policy::allowed_signature_methods()); + } + +std::vector<std::string> Text_Policy::allowed_ecc_curves() const + { + return get_list("ecc_curves", Policy::allowed_ecc_curves()); + } + +bool Text_Policy::use_ecc_point_compression() const + { + return get_bool("use_ecc_point_compression", Policy::use_ecc_point_compression()); + } + +bool Text_Policy::allow_tls10() const + { + return get_bool("allow_tls10", Policy::allow_tls10()); + } + +bool Text_Policy::allow_tls11() const + { + return get_bool("allow_tls11", Policy::allow_tls11()); + } + +bool Text_Policy::allow_tls12() const + { + return get_bool("allow_tls12", Policy::allow_tls12()); + } + +bool Text_Policy::allow_dtls10() const + { + return get_bool("allow_dtls10", Policy::allow_dtls10()); + } + +bool Text_Policy::allow_dtls12() const + { + return get_bool("allow_dtls12", Policy::allow_dtls12()); + } + +bool Text_Policy::allow_insecure_renegotiation() const + { + return get_bool("allow_insecure_renegotiation", 
Policy::allow_insecure_renegotiation()); + } + +bool Text_Policy::include_time_in_hello_random() const + { + return get_bool("include_time_in_hello_random", Policy::include_time_in_hello_random()); + } + +bool Text_Policy::allow_client_initiated_renegotiation() const + { + return get_bool("allow_client_initiated_renegotiation", Policy::allow_client_initiated_renegotiation()); + } +bool Text_Policy::allow_server_initiated_renegotiation() const + { + return get_bool("allow_server_initiated_renegotiation", Policy::allow_server_initiated_renegotiation()); + } + +bool Text_Policy::server_uses_own_ciphersuite_preferences() const + { + return get_bool("server_uses_own_ciphersuite_preferences", Policy::server_uses_own_ciphersuite_preferences()); + } + +bool Text_Policy::negotiate_encrypt_then_mac() const + { + return get_bool("negotiate_encrypt_then_mac", Policy::negotiate_encrypt_then_mac()); + } + +std::string Text_Policy::dh_group() const + { + return get_str("dh_group", Policy::dh_group()); + } + +size_t Text_Policy::minimum_ecdh_group_size() const + { + return get_len("minimum_ecdh_group_size", Policy::minimum_ecdh_group_size()); + } + +size_t Text_Policy::minimum_ecdsa_group_size() const + { + return get_len("minimum_ecdsa_group_size", Policy::minimum_ecdsa_group_size()); + } + +size_t Text_Policy::minimum_dh_group_size() const + { + return get_len("minimum_dh_group_size", Policy::minimum_dh_group_size()); + } + +size_t Text_Policy::minimum_rsa_bits() const + { + return get_len("minimum_rsa_bits", Policy::minimum_rsa_bits()); + } + +size_t Text_Policy::minimum_signature_strength() const + { + return get_len("minimum_signature_strength", Policy::minimum_signature_strength()); + } + +size_t Text_Policy::dtls_default_mtu() const + { + return get_len("dtls_default_mtu", Policy::dtls_default_mtu()); + } + +size_t Text_Policy::dtls_initial_timeout() const + { + return get_len("dtls_initial_timeout", Policy::dtls_initial_timeout()); + } + +size_t 
Text_Policy::dtls_maximum_timeout() const + { + return get_len("dtls_maximum_timeout", Policy::dtls_maximum_timeout()); + } + +bool Text_Policy::require_cert_revocation_info() const + { + return get_bool("require_cert_revocation_info", Policy::require_cert_revocation_info()); + } + +bool Text_Policy::hide_unknown_users() const + { + return get_bool("hide_unknown_users", Policy::hide_unknown_users()); + } + +uint32_t Text_Policy::session_ticket_lifetime() const + { + return static_cast<uint32_t>(get_len("session_ticket_lifetime", Policy::session_ticket_lifetime())); + } + +bool Text_Policy::send_fallback_scsv(Protocol_Version version) const + { + return get_bool("send_fallback_scsv", false) ? Policy::send_fallback_scsv(version) : false; + } + +std::vector<uint16_t> Text_Policy::srtp_profiles() const + { + std::vector<uint16_t> r; + for(std::string p : get_list("srtp_profiles", std::vector<std::string>())) + { + r.push_back(to_uint16(p)); + } + return r; + } + +void Text_Policy::set(const std::string& k, const std::string& v) + { + m_kv[k] = v; + } + +Text_Policy::Text_Policy(const std::string& s) + { + std::istringstream iss(s); + m_kv = read_cfg(iss); + } + +Text_Policy::Text_Policy(std::istream& in) : m_kv(read_cfg(in)) + {} + +std::vector<std::string> +Text_Policy::get_list(const std::string& key, + const std::vector<std::string>& def) const + { + const std::string v = get_str(key); + + if(v.empty()) + { + return def; + } + + return split_on(v, ' '); + } + +size_t Text_Policy::get_len(const std::string& key, size_t def) const + { + const std::string v = get_str(key); + + if(v.empty()) + { + return def; + } + + return to_u32bit(v); + } + +bool Text_Policy::get_bool(const std::string& key, bool def) const + { + const std::string v = get_str(key); + + if(v.empty()) + { + return def; + } + + if(v == "true" || v == "True") + { + return true; + } + else if(v == "false" || v == "False") + { + return false; + } + else + { + throw Exception("Invalid boolean '" + v + "'"); 
+ } + } + +std::string Text_Policy::get_str(const std::string& key, const std::string& def) const + { + auto i = m_kv.find(key); + if(i == m_kv.end()) + { + return def; + } + + return i->second; + } + +} + +} |
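Review bot: `get_bool` throws `Exception("Invalid boolean '" + v + "'")` without naming the key, so a misconfigured policy reports the offending value but not which setting carries it; `throw Exception("Invalid boolean '" + v + "' for key '" + key + "'");` makes the failure actionable. In `srtp_profiles` the loop `for(std::string p : get_list(...))` copies each element; `for(const std::string& p : ...)` is the conventional form. `get_len` returns whatever `to_u32bit` parses with no range check, so a text policy can set a size minimum such as `minimum_rsa_bits` to 0; that is pre-existing behaviour, but a comment on `get_len` stating that validation is left to the caller would make it explicit. Minor: `allow_client_initiated_renegotiation` and `allow_server_initiated_renegotiation` are the only two definitions in the file not separated by a blank line.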