author | lloyd <[email protected]> | 2013-04-12 22:22:11 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2013-04-12 22:22:11 +0000 |
commit | 41ae930f6c224575c4dce6979df8b225778b6d5b (patch) | |
tree | 9ae69c815df4c9cbe52fec0b895f74affd451a13 /src/tls | |
parent | 0ae00b623fa20ac9041c50f1bf9ca20df9702fd4 (diff) |
Add a policy for Suite B 128-bit
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/tls_policy.cpp | 5 | ||||
-rw-r--r-- | src/tls/tls_policy.h | 40 |
2 files changed, 33 insertions, 12 deletions
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index 7ea539690..230b02ad0 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -138,11 +138,6 @@ bool Policy::acceptable_protocol_version(Protocol_Version version) const
 //return version >= Protocol_Version::TLS_V11;
 }
-bool Policy::server_uses_own_ciphersuite_preferences() const
- {
- return true;
- }
-
 namespace {
 class Ciphersuite_Preference_Ordering
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index 7d3788b2e..f80bffb71 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -1,6 +1,6 @@
 /*
-* Policies
-* (C) 2004-2006 Jack Lloyd
+* Hooks for application level policies on TLS connections
+* (C) 2004-2006,2013 Jack Lloyd
 *
 * Released under the terms of the Botan license
 */
@@ -27,14 +27,13 @@ class BOTAN_DLL Policy
 /**
 * Returns a list of ciphers we are willing to negotiate, in
- * order of preference. Allowed values: any block cipher name, or
- * ARC4.
+ * order of preference.
 */
 virtual std::vector<std::string> allowed_ciphers() const;
 /**
 * Returns a list of hash algorithms we are willing to use for
- * signatures.
+ * signatures, in order of preference.
 */
 virtual std::vector<std::string> allowed_signature_hashes() const;
@@ -131,8 +130,7 @@ class BOTAN_DLL Policy
 * their highest preference, rather than the clients.
 * Has no effect on client side.
 */
- virtual bool server_uses_own_ciphersuite_preferences() const;
-
+ virtual bool server_uses_own_ciphersuite_preferences() const { return true; }
 /**
 * Return allowed ciphersuites, in order of preference
@@ -143,6 +141,34 @@ class BOTAN_DLL Policy
 virtual ~Policy() {}
 };
+/**
+* NSA Suite B 128-bit security level (see @rfc 6460)
+*/
+class NSA_Suite_B_128 : public Policy
+ {
+ public:
+ std::vector<std::string> allowed_ciphers() const override
+ { return std::vector<std::string>({"AES-128/GCM"}); }
+
+ std::vector<std::string> allowed_signature_hashes() const override
+ { return std::vector<std::string>({"SHA-256"}); }
+
+ std::vector<std::string> allowed_macs() const override
+ { return std::vector<std::string>({"AEAD"}); }
+
+ std::vector<std::string> allowed_key_exchange_methods() const override
+ { return std::vector<std::string>({"ECDH"}); }
+
+ std::vector<std::string> allowed_signature_methods() const override
+ { return std::vector<std::string>({"ECDSA"}); }
+
+ std::vector<std::string> allowed_ecc_curves() const override
+ { return std::vector<std::string>({"secp256r1"}); }
+
+ bool acceptable_protocol_version(Protocol_Version version) const override
+ { return version == Protocol_Version::TLS_V12; }
+ };
+
 }
 } |
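Review bot: The class comment on NSA_Suite_B_128 does not say that the policy restricts negotiation parameters only: it overrides the algorithm lists, the curve list and the protocol version, and every other Policy hook keeps its base-class default. Nothing visible in this class constrains the peer certificate chain, which the RFC 6460 profile also expects to be ECDSA on P-256 or P-384, so presumably that has to be enforced in the application's credential or verification code. I would add a line such as `* Restricts negotiation only; the certificate requirements of the profile must be enforced by the application.` to the comment. A short comment next to `"ECDH"` should state that this name selects the ephemeral ECDHE suites (to be confirmed against the ciphersuite table), since the profile requires ephemeral key exchange. The test `version == Protocol_Version::TLS_V12` is an exact match, so a one-line comment saying that every other version, including any later one, is rejected on purpose would keep a future maintainer from loosening or "fixing" it by accident.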