Diag-Client-Lib
tls_context.cpp
Go to the documentation of this file.
1 /* Diagnostic Client library
2  * Copyright (C) 2024 Avijit Dey
3  *
4  * This Source Code Form is subject to the terms of the Mozilla Public
5  * License, v. 2.0. If a copy of the MPL was not distributed with this
6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
7  */
8 #include "boost-support/socket/tls/tls_context.h"
9 
10 #include <numeric>
11 
12 #include "boost-support/client/tls/tls_cipher_list.h"
13 #include "boost-support/server/tls/tls_cipher_list.h"
14 
15 namespace boost_support {
16 namespace socket {
17 namespace tls {
18 namespace {
19 
20 auto ToOpenSslString(client::tls::Tls12CipherSuites cipher) noexcept -> std::string {
21  using Tls12CipherSuites = client::tls::Tls12CipherSuites;
22  std::string result{};
23 
24  switch (cipher) {
25  case Tls12CipherSuites::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
26  result.append("ECDHE-ECDSA-AES128-GCM-SHA256");
27  break;
28  case Tls12CipherSuites::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
29  result.append("ECDHE-ECDSA-AES256-GCM-SHA384");
30  break;
31  case Tls12CipherSuites::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
32  result.append("ECDHE-ECDSA-CHACHA20-POLY1305");
33  break;
34  case Tls12CipherSuites::TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
35  result.append("ECDHE-ECDSA-AES128-SHA256");
36  break;
37  case Tls12CipherSuites::TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
38  result.append("ECDHE-ECDSA-AES256-SHA384");
39  break;
40  }
41 
42  return result;
43 }
44 
45 auto ToOpenSslString(client::tls::Tls13CipherSuites cipher) noexcept -> std::string {
46  using Tls13CipherSuites = client::tls::Tls13CipherSuites;
47  std::string result{};
48 
49  switch (cipher) {
50  case Tls13CipherSuites::TLS_AES_128_GCM_SHA256:
51  result.append("TLS_AES_128_GCM_SHA256");
52  break;
53  case Tls13CipherSuites::TLS_AES_256_GCM_SHA384:
54  result.append("TLS_AES_256_GCM_SHA384");
55  break;
56  case Tls13CipherSuites::TLS_CHACHA20_POLY1305_SHA256:
57  result.append("TLS_CHACHA20_POLY1305_SHA256");
58  break;
59  case Tls13CipherSuites::TLS_AES_128_CCM_SHA256:
60  result.append("TLS_AES_128_CCM_SHA256");
61  break;
62  case Tls13CipherSuites::TLS_AES_128_CCM_8_SHA256:
63  result.append("TLS_AES_128_CCM_8_SHA256");
64  break;
65  }
66  return result;
67 }
68 
69 auto ToOpenSslString(server::tls::Tls12CipherSuites cipher) noexcept -> std::string {
70  using Tls12CipherSuites = server::tls::Tls12CipherSuites;
71  std::string result{};
72 
73  switch (cipher) {
74  case Tls12CipherSuites::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
75  result.append("ECDHE-ECDSA-AES128-GCM-SHA256");
76  break;
77  case Tls12CipherSuites::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
78  result.append("ECDHE-ECDSA-AES256-GCM-SHA384");
79  break;
80  case Tls12CipherSuites::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
81  result.append("ECDHE-ECDSA-CHACHA20-POLY1305");
82  break;
83  case Tls12CipherSuites::TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
84  result.append("ECDHE-ECDSA-AES128-SHA256");
85  break;
86  case Tls12CipherSuites::TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
87  result.append("ECDHE-ECDSA-AES256-SHA384");
88  break;
89  }
90 
91  return result;
92 }
93 
94 auto ToOpenSslString(server::tls::Tls13CipherSuites cipher) noexcept -> std::string {
95  using Tls13CipherSuites = server::tls::Tls13CipherSuites;
96  std::string result{};
97 
98  switch (cipher) {
99  case Tls13CipherSuites::TLS_AES_128_GCM_SHA256:
100  result.append("TLS_AES_128_GCM_SHA256");
101  break;
102  case Tls13CipherSuites::TLS_AES_256_GCM_SHA384:
103  result.append("TLS_AES_256_GCM_SHA384");
104  break;
105  case Tls13CipherSuites::TLS_CHACHA20_POLY1305_SHA256:
106  result.append("TLS_CHACHA20_POLY1305_SHA256");
107  break;
108  case Tls13CipherSuites::TLS_AES_128_CCM_SHA256:
109  result.append("TLS_AES_128_CCM_SHA256");
110  break;
111  case Tls13CipherSuites::TLS_AES_128_CCM_8_SHA256:
112  result.append("TLS_AES_128_CCM_8_SHA256");
113  break;
114  }
115  return result;
116 }
117 
118 template<typename CipherType>
119 auto ConvertCipherListToString(std::initializer_list<CipherType> ciphers) noexcept -> std::string {
120  return std::accumulate(ciphers.begin(), ciphers.end(), std::string{},
121  [](std::string const& result, CipherType const& cipher) -> std::string {
122  std::string calculated_ssl_string{};
123  if (result.empty()) {
124  calculated_ssl_string.append(ToOpenSslString(cipher));
125  } else {
126  calculated_ssl_string.append(result);
127  calculated_ssl_string.append(":");
128  calculated_ssl_string.append(ToOpenSslString(cipher));
129  }
130  return calculated_ssl_string;
131  });
132 }
133 } // namespace
134 
135 TlsContext::TlsContext(Tls12VersionClient client, std::string_view ca_certification_path) noexcept
136  : ssl_context_{boost::asio::ssl::context::tlsv12_client} {
137  // Load the root CA certificates
138  ssl_context_.load_verify_file(std::string{ca_certification_path});
139  // Load the cipher suites
140  if (SSL_CTX_set_cipher_list(ssl_context_.native_handle(),
141  ConvertCipherListToString(client.cipher_suites).c_str()) == 0) {
142  // Failure
143  }
144 }
145 
146 TlsContext::TlsContext(Tls13VersionClient client, std::string_view ca_certification_path) noexcept
147  : ssl_context_{boost::asio::ssl::context::tlsv13_client} {
148  // Load the root CA certificates
149  ssl_context_.load_verify_file(std::string{ca_certification_path});
150  // Load the cipher suites
151  if (SSL_CTX_set_ciphersuites(ssl_context_.native_handle(),
152  ConvertCipherListToString(client.cipher_suites).c_str()) == 0) {
153  // Failure
154  }
155 }
156 
157 TlsContext::TlsContext(Tls12VersionServer server, std::string_view certificate_path,
158  std::string_view private_key_path) noexcept
159  : ssl_context_{boost::asio::ssl::context::tlsv12_server} {
160  // Load certificate and private key from provided locations
161  ssl_context_.use_certificate_chain_file(std::string{certificate_path});
162  ssl_context_.use_private_key_file(std::string{private_key_path}, boost::asio::ssl::context::pem);
163  // Load the cipher suites
164  if (SSL_CTX_set_ciphersuites(ssl_context_.native_handle(),
165  ConvertCipherListToString(server.cipher_suites).c_str()) == 0) {
166  // Failure
167  }
168 }
169 
170 TlsContext::TlsContext(Tls13VersionServer server, std::string_view certificate_path,
171  std::string_view private_key_path) noexcept
172  : ssl_context_{boost::asio::ssl::context::tlsv13_server} {
173  // Load certificate and private key from provided locations
174  ssl_context_.use_certificate_chain_file(std::string{certificate_path});
175  ssl_context_.use_private_key_file(std::string{private_key_path}, boost::asio::ssl::context::pem);
176  // Load the cipher suites
177  if (SSL_CTX_set_ciphersuites(ssl_context_.native_handle(),
178  ConvertCipherListToString(server.cipher_suites).c_str()) == 0) {
179  // Failure
180  }
181 }
182 } // namespace tls
183 } // namespace socket
184 } // namespace boost_support
tls_cipher_list.h
boost_support::client::tls::Tls13CipherSuites
Tls13CipherSuites
The TLS 1.3 cipher suites supported.
Definition: tls_cipher_list.h:31
boost_support::client::tls::Tls12CipherSuites
Tls12CipherSuites
The TLS 1.2 cipher suites supported.
Definition: tls_cipher_list.h:20
boost_support::server::tls::Tls12CipherSuites
Tls12CipherSuites
The TLS 1.2 cipher suites supported.
Definition: tls_cipher_list.h:20
boost_support::server::tls::Tls13CipherSuites
Tls13CipherSuites
The TLS 1.3 cipher suites supported.
Definition: tls_cipher_list.h:31
boost_support::socket::tls::anonymous_namespace{tls_context.cpp}::ToOpenSslString
auto ToOpenSslString(server::tls::Tls13CipherSuites cipher) noexcept -> std::string
Definition: tls_context.cpp:94
boost_support::socket::tls::anonymous_namespace{tls_context.cpp}::ConvertCipherListToString
auto ConvertCipherListToString(std::initializer_list< CipherType > ciphers) noexcept -> std::string
Definition: tls_context.cpp:119
boost_support
Definition: tcp_client.h:17
tls_cipher_list.h
boost_support::client::tls::TlsVersion
Definition: tls_version.h:21
boost_support::server::tls::detail::TlsVersion
Template type for Tls version.
Definition: tls_version.h:26
tls_context.h
Generated by doxygen 1.9.1