File: tlsver.hpp

package info (click to toggle)
openvpn3-client 25%2Bdfsg-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 19,276 kB
  • sloc: cpp: 190,085; python: 7,218; ansic: 1,866; sh: 1,361; java: 402; lisp: 81; makefile: 17
file content (114 lines) | stat: -rw-r--r-- 3,230 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 
//    OpenVPN -- An application to securely tunnel IP networks
//               over a single port, with support for SSL/TLS-based
//               session authentication and key exchange,
//               packet encryption, packet authentication, and
//               packet compression.
//
//    Copyright (C) 2012- OpenVPN Inc.
//
//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception
//

// Parse the tls-version-min option.

#pragma once

#include <string>

#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/options.hpp>

namespace openvpn::TLSVersion {

enum class Type
{
    UNDEF,
    V1_0,
    V1_1,
    V1_2,
    V1_3
};

inline bool operator<(const Type &A, const Type &B)
{
    return static_cast<int>(A) < static_cast<int>(B);
}

inline const std::string to_string(const Type version)
{
    switch (version)
    {
    case Type::UNDEF:
        return "UNDEF";
    case Type::V1_0:
        return "V1_0";
    case Type::V1_1:
        return "V1_1";
    case Type::V1_2:
        return "V1_2";
    case Type::V1_3:
        return "V1_3";
    default:
        return "???";
    }
}

inline Type parse_tls_version_min(const std::string &ver,
                                  const bool or_highest,
                                  const Type max_version)
{
    if (ver == "1.0" && Type::V1_0 <= max_version)
        return Type::V1_0;
    else if (ver == "1.1" && Type::V1_1 <= max_version)
        return Type::V1_1;
    else if (ver == "1.2" && Type::V1_2 <= max_version)
        return Type::V1_2;
    else if (ver == "1.3" && Type::V1_3 <= max_version)
        return Type::V1_3;
    else if (or_highest)
        return max_version;
    else
        throw option_error(ERR_INVALID_OPTION_CRYPTO, "tls-version-min: unrecognized TLS version");
}

inline Type parse_tls_version_min(const OptionList &opt,
                                  const std::string &relay_prefix,
                                  const Type max_version)
{
    const Option *o = opt.get_ptr(relay_prefix + "tls-version-min");
    if (o)
    {
        const std::string ver = o->get_optional(1, 16);
        const bool or_highest = (o->get_optional(2, 16) == "or-highest");
        return parse_tls_version_min(ver, or_highest, max_version);
    }
    return Type::UNDEF;
}

inline void apply_override(Type &tvm, const std::string &override)
{
    const Type orig = tvm;
    Type newtvm = Type::UNDEF;

    if (override.empty() || override == "default")
        newtvm = tvm;
    else if (override == "disabled")
        tvm = Type::UNDEF;
    else if (override == "tls_1_0")
        newtvm = Type::V1_0;
    else if (override == "tls_1_1")
        newtvm = Type::V1_1;
    else if (override == "tls_1_2")
        newtvm = Type::V1_2;
    else if (override == "tls_1_3")
        newtvm = Type::V1_3;
    else
        throw option_error(ERR_INVALID_OPTION_CRYPTO, "tls-version-min: unrecognized override string");

    if (newtvm > orig || newtvm == Type::UNDEF)
        tvm = newtvm;

    // OPENVPN_LOG("*** TLS-version-min before=" << to_string(orig) << " override=" << override << " after=" << to_string(tvm)); // fixme
}
} // namespace openvpn::TLSVersion