#include "cli.h"
#if defined(BOTAN_HAS_TLS) && defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
#include <botan/tls_policy.h>
#include <botan/tls_version.h>
#include <botan/tls_messages.h>
#include <botan/loadstor.h>
#include <botan/hex.h>
#include <sstream>
#include "tls_helpers.h"
namespace Botan_CLI {
class TLS_Ciphersuites final : public Command
{
public:
TLS_Ciphersuites()
: Command("tls_ciphers --policy=default --version=tls1.2") {}
static Botan::TLS::Protocol_Version::Version_Code tls_version_from_str(const std::string& str)
{
if(str == "tls1.2" || str == "TLS1.2" || str == "TLS-1.2")
{
return Botan::TLS::Protocol_Version::TLS_V12;
}
else if(str == "tls1.1" || str == "TLS1.1" || str == "TLS-1.1")
{
return Botan::TLS::Protocol_Version::TLS_V11;
}
else if(str == "tls1.0" || str == "TLS1.1" || str == "TLS-1.1")
{
return Botan::TLS::Protocol_Version::TLS_V10;
}
if(str == "dtls1.2" || str == "DTLS1.2" || str == "DTLS-1.2")
{
return Botan::TLS::Protocol_Version::DTLS_V12;
}
else if(str == "dtls1.0" || str == "DTLS1.0" || str == "DTLS-1.0")
{
return Botan::TLS::Protocol_Version::DTLS_V10;
}
else
{
throw CLI_Error("Unknown TLS version '" + str + "'");
}
}
std::string group() const override
{
return "tls";
}
std::string description() const override
{
return "Lists all ciphersuites for a policy and TLS version";
}
void go() override
{
const std::string policy_type = get_arg("policy");
const Botan::TLS::Protocol_Version version(tls_version_from_str(get_arg("version")));
const bool with_srp = false;
auto policy = load_tls_policy(policy_type);
if(policy->acceptable_protocol_version(version) == false)
{
error_output() << "Error: the policy specified does not allow the given TLS version\n";
return;
}
for(uint16_t suite_id : policy->ciphersuite_list(version, with_srp))
{
const Botan::TLS::Ciphersuite suite(Botan::TLS::Ciphersuite::by_id(suite_id));
output() << suite.to_string() << "\n";
}
}
};
BOTAN_REGISTER_COMMAND("tls_ciphers", TLS_Ciphersuites);
class TLS_Client_Hello_Reader final : public Command
{
public:
TLS_Client_Hello_Reader()
: Command("tls_client_hello --hex input") {}
std::string group() const override
{
return "tls";
}
std::string description() const override
{
return "Parse a TLS client hello message";
}
void go() override
{
const std::string input_file = get_arg("input");
std::vector<uint8_t> input;
if(flag_set("hex"))
{
input = Botan::hex_decode(slurp_file_as_str(input_file));
}
else
{
input = slurp_file(input_file);
}
if(input.size() < 45)
{
error_output() << "Input too short to be valid\n";
return;
}
if(input[0] == 22)
{
const size_t len = Botan::make_uint16(input[3], input[4]);
if(input.size() != len + 5)
{
error_output() << "Record layer length invalid\n";
return;
}
input = std::vector<uint8_t>(input.begin() + 5, input.end());
}
if(input[0] == 1)
{
const size_t hs_len = Botan::make_uint32(0, input[1], input[2], input[3]);
if(input.size() != hs_len + 4)
{
error_output() << "Handshake layer length invalid\n";
return;
}
input = std::vector<uint8_t>(input.begin() + 4, input.end());
}
try
{
Botan::TLS::Client_Hello hello(input);
output() << format_hello(hello);
}
catch(std::exception& e)
{
error_output() << "Parsing client hello failed: " << e.what() << "\n";
}
}
private:
std::string format_hello(const Botan::TLS::Client_Hello& hello)
{
std::ostringstream oss;
oss << "Version: " << hello.version().to_string() << "\n"
<< "Random: " << Botan::hex_encode(hello.random()) << "\n";
if(!hello.session_id().empty())
oss << "SessionID: " << Botan::hex_encode(hello.session_id()) << "\n";
for(uint16_t csuite_id : hello.ciphersuites())
{
auto csuite = Botan::TLS::Ciphersuite::by_id(csuite_id);
if(csuite.valid())
oss << "Cipher: " << csuite.to_string() << "\n";
else if(csuite_id == 0x00FF)
oss << "Cipher: EMPTY_RENEGOTIATION_INFO_SCSV\n";
else
oss << "Cipher: Unknown (" << std::hex << csuite_id << ")\n";
}
oss << "Supported signature schemes: ";
if(hello.signature_schemes().empty())
{
oss << "Did not send signature_algorithms extension\n";
}
else
{
for(Botan::TLS::Signature_Scheme scheme : hello.signature_schemes())
{
try
{
auto s = sig_scheme_to_string(scheme);
oss << s << " ";
}
catch(...)
{
oss << "(" << std::hex << static_cast<uint16_t>(scheme) << ") ";
}
}
oss << "\n";
}
std::map<std::string, bool> hello_flags;
hello_flags["ALPN"] = hello.supports_alpn();
hello_flags["Encrypt Then Mac"] = hello.supports_encrypt_then_mac();
hello_flags["Extended Master Secret"] = hello.supports_extended_master_secret();
hello_flags["Session Ticket"] = hello.supports_session_ticket();
for(auto&& i : hello_flags)
oss << "Supports " << i.first << "? " << (i.second ? "yes" : "no") << "\n";
return oss.str();
}
};
BOTAN_REGISTER_COMMAND("tls_client_hello", TLS_Client_Hello_Reader);
}
#endif