From 7b56f1bd570dc684ffd7c945dee0d9b5480354ff Mon Sep 17 00:00:00 2001 From: lloyd Date: Wed, 28 Jan 2015 04:32:10 +0000 Subject: Add a runtime map of string->func() which when called return Transforms and BlockCiphers. Registration for all types is done at startup but is very cheap as just a std::function and a std::map entry are created, no actual objects are created until needed. This is a huge improvement over Algorithm_Factory which used T::clone() as the function and thus kept a prototype object of each type in memory. Replace existing lookup mechanisms for ciphers, AEADs, and compression to use the transform lookup. The existing Engine framework remains in place for BlockCipher, but the engines now just call to the registry instead of having hardcoded lookups. s/Transformation/Transform/ with typedefs for compatability. Remove lib/selftest code (for runtime selftesting): not the right approach. --- src/lib/tls/tls_policy.cpp | 56 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 14 deletions(-) (limited to 'src/lib/tls/tls_policy.cpp') diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 7bbf7cd7e..f50cf1f3e 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -17,7 +17,7 @@ namespace TLS { std::vector Policy::allowed_ciphers() const { - return std::vector({ + return { //"AES-256/OCB(12)", //"AES-128/OCB(12)", "ChaCha20Poly1305", @@ -25,8 +25,8 @@ std::vector Policy::allowed_ciphers() const "AES-128/GCM", "AES-256/CCM", "AES-128/CCM", - "AES-256/CCM-8", - "AES-128/CCM-8", + "AES-256/CCM(8)", + "AES-128/CCM(8)", //"Camellia-256/GCM", //"Camellia-128/GCM", "AES-256", @@ -36,35 +36,35 @@ std::vector Policy::allowed_ciphers() const //"SEED" //"3DES", //"RC4", - }); + }; } std::vector Policy::allowed_signature_hashes() const { - return std::vector({ + return { "SHA-512", "SHA-384", "SHA-256", "SHA-224", //"SHA-1", //"MD5", - }); + }; } std::vector Policy::allowed_macs() const { - return std::vector({ + return { "AEAD", "SHA-384", "SHA-256", "SHA-1", //"MD5", - }); + }; } std::vector Policy::allowed_key_exchange_methods() const { - return std::vector({ + return { "SRP_SHA", //"ECDHE_PSK", //"DHE_PSK", @@ -72,22 +72,22 @@ std::vector Policy::allowed_key_exchange_methods() const "ECDH", "DH", "RSA", - }); + }; } std::vector Policy::allowed_signature_methods() const { - return std::vector({ + return { "ECDSA", "RSA", "DSA", //"" - }); + }; } std::vector Policy::allowed_ecc_curves() const { - return std::vector({ + return { "brainpool512r1", "secp521r1", "brainpool384r1", @@ -102,7 +102,7 @@ std::vector Policy::allowed_ecc_curves() const //"secp160r2", //"secp160r1", //"secp160k1", - }); + }; } /* @@ -352,6 +352,34 @@ void Policy::print(std::ostream& o) const o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n'; } +std::vector Strict_Policy::allowed_ciphers() const + { + return { "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM" }; + } + +std::vector Strict_Policy::allowed_signature_hashes() const + { + return { "SHA-512", "SHA-384"}; + } + +std::vector Strict_Policy::allowed_macs() const + { + return { "AEAD" }; + } + +std::vector Strict_Policy::allowed_key_exchange_methods() const + { + return { "ECDH" }; + } + +bool Strict_Policy::acceptable_protocol_version(Protocol_Version version) const + { + if(version.is_datagram_protocol()) + return (version >= Protocol_Version::DTLS_V12); + else + return (version >= Protocol_Version::TLS_V12); + } + } } -- cgit v1.2.3