aboutsummaryrefslogtreecommitdiffstats
path: root/src/cli/tls_utils.cpp
blob: 1e7332485ba5cd99bdec41eeab0e50cdf267b22b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
/*
* (C) 2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "cli.h"

#if defined(BOTAN_HAS_TLS)

#include <botan/tls_policy.h>
#include <botan/tls_version.h>

namespace Botan_CLI {

class TLS_All_Policy : public Botan::TLS::Policy
   {
   public:
      std::vector<std::string> allowed_ciphers() const override
         {
         return std::vector<std::string>{
            "ChaCha20Poly1305",
            "AES-256/OCB(12)",
            "AES-128/OCB(12)",
            "AES-256/GCM",
            "AES-128/GCM",
            "AES-256/CCM",
            "AES-128/CCM",
            "AES-256/CCM(8)",
            "AES-128/CCM(8)",
            "Camellia-256/GCM",
            "Camellia-128/GCM",
            "AES-256",
            "AES-128",
            "Camellia-256",
            "Camellia-128",
            "SEED"
            "3DES"
            };
         }

      std::vector<std::string> allowed_key_exchange_methods() const override
         {
         return { "SRP_SHA", "ECDHE_PSK", "DHE_PSK", "PSK",
                  "CECPQ1", "ECDH", "DH", "RSA" };
         }

      std::vector<std::string> allowed_signature_methods() const override
         {
         return { "ECDSA", "RSA", "DSA" };
         };
   };

class TLS_Ciphersuites final : public Command
   {
   public:
      TLS_Ciphersuites() : Command("tls_ciphers --policy=default --version=tls1.2") {}

      static Botan::TLS::Protocol_Version::Version_Code tls_version_from_str(const std::string& str)
         {
         if(str == "tls1.2" || str == "TLS1.2" || str == "TLS-1.2")
            return Botan::TLS::Protocol_Version::TLS_V12;
         else if(str == "tls1.1" || str == "TLS1.1" || str == "TLS-1.1")
            return Botan::TLS::Protocol_Version::TLS_V11;
         else if(str == "tls1.0" || str == "TLS1.1" || str == "TLS-1.1")
            return Botan::TLS::Protocol_Version::TLS_V10;
         if(str == "dtls1.2" || str == "DTLS1.2" || str == "DTLS-1.2")
            return Botan::TLS::Protocol_Version::DTLS_V12;
         else if(str == "dtls1.0" || str == "DTLS1.0" || str == "DTLS-1.0")
            return Botan::TLS::Protocol_Version::DTLS_V10;
         else
            throw CLI_Error("Unknown TLS version '" + str + "'");
         }

      void go() override
         {
         const std::string policy_type = get_arg("policy");
         const Botan::TLS::Protocol_Version version(tls_version_from_str(get_arg("version")));
         const bool with_srp = false; // fixme

         std::unique_ptr<Botan::TLS::Policy> policy;

         if(policy_type == "default")
            {
            policy.reset(new Botan::TLS::Policy);
            }
         else if(policy_type == "suiteb")
            {
            policy.reset(new Botan::TLS::NSA_Suite_B_128);
            }
         else if(policy_type == "strict")
            {
            policy.reset(new Botan::TLS::Strict_Policy);
            }
         else if(policy_type == "all")
            {
            policy.reset(new TLS_All_Policy);
            }
         else
            {
            std::ifstream policy_file(policy_type);
            if(!policy_file.good())
               {
               throw CLI_Error("Error TLS policy '" + policy_type +
                               "' is neither a file nor a known policy type");
               }

            policy.reset(new Botan::TLS::Text_Policy(policy_file));
            }

         for(uint16_t suite_id : policy->ciphersuite_list(version, with_srp))
            {
            const Botan::TLS::Ciphersuite suite(Botan::TLS::Ciphersuite::by_id(suite_id));
            output() << suite.to_string() << "\n";
            }
         }
   };

BOTAN_REGISTER_COMMAND("tls_ciphers", TLS_Ciphersuites);

}

#endif