1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
/*
* (C) 2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include "cli.h"
#if defined(BOTAN_HAS_TLS)
#include <botan/tls_policy.h>
#include <botan/tls_version.h>
namespace Botan_CLI {
class TLS_All_Policy : public Botan::TLS::Policy
{
public:
std::vector<std::string> allowed_ciphers() const override
{
return std::vector<std::string>
{
"ChaCha20Poly1305",
"AES-256/OCB(12)",
"AES-128/OCB(12)",
"AES-256/GCM",
"AES-128/GCM",
"AES-256/CCM",
"AES-128/CCM",
"AES-256/CCM(8)",
"AES-128/CCM(8)",
"Camellia-256/GCM",
"Camellia-128/GCM",
"AES-256",
"AES-128",
"Camellia-256",
"Camellia-128",
"SEED"
"3DES"
};
}
std::vector<std::string> allowed_key_exchange_methods() const override
{
return { "SRP_SHA", "ECDHE_PSK", "DHE_PSK", "PSK", "CECPQ1", "ECDH", "DH", "RSA" };
}
std::vector<std::string> allowed_signature_methods() const override
{
return { "ECDSA", "RSA", "DSA" };
}
};
class TLS_Ciphersuites final : public Command
{
public:
TLS_Ciphersuites()
: Command("tls_ciphers --policy=default --version=tls1.2") {}
static Botan::TLS::Protocol_Version::Version_Code tls_version_from_str(const std::string& str)
{
if(str == "tls1.2" || str == "TLS1.2" || str == "TLS-1.2")
{
return Botan::TLS::Protocol_Version::TLS_V12;
}
else if(str == "tls1.1" || str == "TLS1.1" || str == "TLS-1.1")
{
return Botan::TLS::Protocol_Version::TLS_V11;
}
else if(str == "tls1.0" || str == "TLS1.1" || str == "TLS-1.1")
{
return Botan::TLS::Protocol_Version::TLS_V10;
}
if(str == "dtls1.2" || str == "DTLS1.2" || str == "DTLS-1.2")
{
return Botan::TLS::Protocol_Version::DTLS_V12;
}
else if(str == "dtls1.0" || str == "DTLS1.0" || str == "DTLS-1.0")
{
return Botan::TLS::Protocol_Version::DTLS_V10;
}
else
{
throw CLI_Error("Unknown TLS version '" + str + "'");
}
}
void go() override
{
const std::string policy_type = get_arg("policy");
const Botan::TLS::Protocol_Version version(tls_version_from_str(get_arg("version")));
const bool with_srp = false; // fixme
std::unique_ptr<Botan::TLS::Policy> policy;
if(policy_type == "default")
{
policy.reset(new Botan::TLS::Policy);
}
else if(policy_type == "suiteb")
{
policy.reset(new Botan::TLS::NSA_Suite_B_128);
}
else if(policy_type == "strict")
{
policy.reset(new Botan::TLS::Strict_Policy);
}
else if(policy_type == "all")
{
policy.reset(new TLS_All_Policy);
}
else
{
std::ifstream policy_file(policy_type);
if(!policy_file.good())
{
throw CLI_Error("Error TLS policy '" + policy_type + "' is neither a file nor a known policy type");
}
policy.reset(new Botan::TLS::Text_Policy(policy_file));
}
for(uint16_t suite_id : policy->ciphersuite_list(version, with_srp))
{
const Botan::TLS::Ciphersuite suite(Botan::TLS::Ciphersuite::by_id(suite_id));
output() << suite.to_string() << "\n";
}
}
};
BOTAN_REGISTER_COMMAND("tls_ciphers", TLS_Ciphersuites);
}
#endif
|
