aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/tls_policy.cpp56
-rw-r--r--src/lib/tls/tls_policy.h22
-rw-r--r--src/lib/tls/tls_suite_info.cpp22
3 files changed, 58 insertions, 42 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 7bbf7cd7e..f50cf1f3e 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -17,7 +17,7 @@ namespace TLS {
std::vector<std::string> Policy::allowed_ciphers() const
{
- return std::vector<std::string>({
+ return {
//"AES-256/OCB(12)",
//"AES-128/OCB(12)",
"ChaCha20Poly1305",
@@ -25,8 +25,8 @@ std::vector<std::string> Policy::allowed_ciphers() const
"AES-128/GCM",
"AES-256/CCM",
"AES-128/CCM",
- "AES-256/CCM-8",
- "AES-128/CCM-8",
+ "AES-256/CCM(8)",
+ "AES-128/CCM(8)",
//"Camellia-256/GCM",
//"Camellia-128/GCM",
"AES-256",
@@ -36,35 +36,35 @@ std::vector<std::string> Policy::allowed_ciphers() const
//"SEED"
//"3DES",
//"RC4",
- });
+ };
}
std::vector<std::string> Policy::allowed_signature_hashes() const
{
- return std::vector<std::string>({
+ return {
"SHA-512",
"SHA-384",
"SHA-256",
"SHA-224",
//"SHA-1",
//"MD5",
- });
+ };
}
std::vector<std::string> Policy::allowed_macs() const
{
- return std::vector<std::string>({
+ return {
"AEAD",
"SHA-384",
"SHA-256",
"SHA-1",
//"MD5",
- });
+ };
}
std::vector<std::string> Policy::allowed_key_exchange_methods() const
{
- return std::vector<std::string>({
+ return {
"SRP_SHA",
//"ECDHE_PSK",
//"DHE_PSK",
@@ -72,22 +72,22 @@ std::vector<std::string> Policy::allowed_key_exchange_methods() const
"ECDH",
"DH",
"RSA",
- });
+ };
}
std::vector<std::string> Policy::allowed_signature_methods() const
{
- return std::vector<std::string>({
+ return {
"ECDSA",
"RSA",
"DSA",
//""
- });
+ };
}
std::vector<std::string> Policy::allowed_ecc_curves() const
{
- return std::vector<std::string>({
+ return {
"brainpool512r1",
"secp521r1",
"brainpool384r1",
@@ -102,7 +102,7 @@ std::vector<std::string> Policy::allowed_ecc_curves() const
//"secp160r2",
//"secp160r1",
//"secp160k1",
- });
+ };
}
/*
@@ -352,6 +352,34 @@ void Policy::print(std::ostream& o) const
o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n';
}
+std::vector<std::string> Strict_Policy::allowed_ciphers() const
+ {
+ return { "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM" };
+ }
+
+std::vector<std::string> Strict_Policy::allowed_signature_hashes() const
+ {
+ return { "SHA-512", "SHA-384"};
+ }
+
+std::vector<std::string> Strict_Policy::allowed_macs() const
+ {
+ return { "AEAD" };
+ }
+
+std::vector<std::string> Strict_Policy::allowed_key_exchange_methods() const
+ {
+ return { "ECDH" };
+ }
+
+bool Strict_Policy::acceptable_protocol_version(Protocol_Version version) const
+ {
+ if(version.is_datagram_protocol())
+ return (version >= Protocol_Version::DTLS_V12);
+ else
+ return (version >= Protocol_Version::TLS_V12);
+ }
+
}
}
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 247510326..581d04bcd 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -229,27 +229,15 @@ class BOTAN_DLL Datagram_Policy : public Policy
class BOTAN_DLL Strict_Policy : public Policy
{
public:
- std::vector<std::string> allowed_ciphers() const override
- {
- return { "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM" };
- }
+ std::vector<std::string> allowed_ciphers() const override;
- std::vector<std::string> allowed_signature_hashes() const override
- { return { "SHA-512", "SHA-384"}; }
+ std::vector<std::string> allowed_signature_hashes() const override;
- std::vector<std::string> allowed_macs() const override
- { return { "AEAD" }; }
+ std::vector<std::string> allowed_macs() const override;
- std::vector<std::string> allowed_key_exchange_methods() const override
- { return { "ECDH" }; }
+ std::vector<std::string> allowed_key_exchange_methods() const override;
- bool acceptable_protocol_version(Protocol_Version version) const override
- {
- if(version.is_datagram_protocol())
- return (version >= Protocol_Version::DTLS_V12);
- else
- return (version >= Protocol_Version::TLS_V12);
- }
+ bool acceptable_protocol_version(Protocol_Version version) const override;
};
class BOTAN_DLL Text_Policy : public Policy
diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp
index 60777672a..02d277173 100644
--- a/src/lib/tls/tls_suite_info.cpp
+++ b/src/lib/tls/tls_suite_info.cpp
@@ -3,7 +3,7 @@
*
* This file was automatically generated from the IANA assignments
* (tls-parameters.txt hash 4bc98b6f75ad5b63952b5f457fa7adbfef60f095)
-* by ./src/scripts/tls_suite_info.py on 2015-01-21
+* by ./src/scripts/tls_suite_info.py on 2015-01-30
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -124,7 +124,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A2: // DHE_RSA_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x009E: // DHE_RSA_WITH_AES_128_GCM_SHA256
return Ciphersuite(0x009E, "RSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
@@ -142,7 +142,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A3: // DHE_RSA_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0x009F: // DHE_RSA_WITH_AES_256_GCM_SHA384
return Ciphersuite(0x009F, "RSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
@@ -232,7 +232,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0xC0AC, "ECDSA", "ECDH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0AE: // ECDHE_ECDSA_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0AE, "ECDSA", "ECDH", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AE, "ECDSA", "ECDH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC02B: // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
return Ciphersuite(0xC02B, "ECDSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
@@ -250,7 +250,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0xC0AD, "ECDSA", "ECDH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0AF: // ECDHE_ECDSA_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0AF, "ECDSA", "ECDH", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AF, "ECDSA", "ECDH", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0xC02C: // ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
return Ciphersuite(0xC02C, "ECDSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
@@ -364,10 +364,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0xC016, "", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20);
case 0xC0AA: // PSK_DHE_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0AB: // PSK_DHE_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA
return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, 0, "SHA-1", 20);
@@ -382,7 +382,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A8: // PSK_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x00A8: // PSK_WITH_AES_128_GCM_SHA256
return Ciphersuite(0x00A8, "", "PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
@@ -400,7 +400,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A9: // PSK_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0x00A9: // PSK_WITH_AES_256_GCM_SHA384
return Ciphersuite(0x00A9, "", "PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
@@ -436,7 +436,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A0: // RSA_WITH_AES_128_CCM_8
- return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256");
case 0x009C: // RSA_WITH_AES_128_GCM_SHA256
return Ciphersuite(0x009C, "RSA", "RSA", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256");
@@ -451,7 +451,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite)
return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0xC0A1: // RSA_WITH_AES_256_CCM_8
- return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256");
+ return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256");
case 0x009D: // RSA_WITH_AES_256_GCM_SHA384
return Ciphersuite(0x009D, "RSA", "RSA", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384");
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-13 23:18:06 +0000