aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2013-04-12 22:22:11 +0000
committerlloyd <[email protected]>2013-04-12 22:22:11 +0000
commit41ae930f6c224575c4dce6979df8b225778b6d5b (patch)
tree9ae69c815df4c9cbe52fec0b895f74affd451a13 /src
parent0ae00b623fa20ac9041c50f1bf9ca20df9702fd4 (diff)
Add a policy for Suite B 128-bit
Diffstat (limited to 'src')
-rw-r--r--src/tls/tls_policy.cpp5
-rw-r--r--src/tls/tls_policy.h40
2 files changed, 33 insertions, 12 deletions
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index 7ea539690..230b02ad0 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -138,11 +138,6 @@ bool Policy::acceptable_protocol_version(Protocol_Version version) const
//return version >= Protocol_Version::TLS_V11;
}
-bool Policy::server_uses_own_ciphersuite_preferences() const
- {
- return true;
- }
-
namespace {
class Ciphersuite_Preference_Ordering
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index 7d3788b2e..f80bffb71 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -1,6 +1,6 @@
/*
-* Policies
-* (C) 2004-2006 Jack Lloyd
+* Hooks for application level policies on TLS connections
+* (C) 2004-2006,2013 Jack Lloyd
*
* Released under the terms of the Botan license
*/
@@ -27,14 +27,13 @@ class BOTAN_DLL Policy
/**
* Returns a list of ciphers we are willing to negotiate, in
- * order of preference. Allowed values: any block cipher name, or
- * ARC4.
+ * order of preference.
*/
virtual std::vector<std::string> allowed_ciphers() const;
/**
* Returns a list of hash algorithms we are willing to use for
- * signatures.
+ * signatures, in order of preference.
*/
virtual std::vector<std::string> allowed_signature_hashes() const;
@@ -131,8 +130,7 @@ class BOTAN_DLL Policy
* their highest preference, rather than the clients.
* Has no effect on client side.
*/
- virtual bool server_uses_own_ciphersuite_preferences() const;
-
+ virtual bool server_uses_own_ciphersuite_preferences() const { return true; }
/**
* Return allowed ciphersuites, in order of preference
@@ -143,6 +141,34 @@ class BOTAN_DLL Policy
virtual ~Policy() {}
};
+/**
+* NSA Suite B 128-bit security level (see @rfc 6460)
+*/
+class NSA_Suite_B_128 : public Policy
+ {
+ public:
+ std::vector<std::string> allowed_ciphers() const override
+ { return std::vector<std::string>({"AES-128/GCM"}); }
+
+ std::vector<std::string> allowed_signature_hashes() const override
+ { return std::vector<std::string>({"SHA-256"}); }
+
+ std::vector<std::string> allowed_macs() const override
+ { return std::vector<std::string>({"AEAD"}); }
+
+ std::vector<std::string> allowed_key_exchange_methods() const override
+ { return std::vector<std::string>({"ECDH"}); }
+
+ std::vector<std::string> allowed_signature_methods() const override
+ { return std::vector<std::string>({"ECDSA"}); }
+
+ std::vector<std::string> allowed_ecc_curves() const override
+ { return std::vector<std::string>({"secp256r1"}); }
+
+ bool acceptable_protocol_version(Protocol_Version version) const override
+ { return version == Protocol_Version::TLS_V12; }
+ };
+
}
}