authorJack Lloyd <[email protected]>2016-12-30 21:46:04 -0500
committerJack Lloyd <[email protected]>2016-12-30 21:46:04 -0500
commit122754bf3dd27ffb81262affc16c78b5a513ed9e (patch)
treeb13f1efcb2a1b99e88e6b10c53b6e1d597b00337
parent0012c59f23ff0d99dc3fd91594040255cd2924bd (diff)
Increase default TLS DH min to 2048 bits, and add BSI policy class.
Moves BSI policy file to test data dir where it can be compared with what the hardcoded class outputs.
-rw-r--r--news.rst4
-rw-r--r--src/lib/tls/tls_policy.cpp3
-rw-r--r--src/lib/tls/tls_policy.h55
-rw-r--r--src/tests/data/tls-policy/bsi.txt (renamed from tls-policy/BSI_TR-02102-2.txt)2
-rw-r--r--src/tests/data/tls-policy/datagram.txt2
-rw-r--r--src/tests/data/tls-policy/default.txt2
-rw-r--r--src/tests/data/tls-policy/strict.txt2
-rw-r--r--src/tests/data/tls-policy/suiteb.txt2
-rw-r--r--src/tests/unit_tls.cpp4
9 files changed, 68 insertions, 8 deletions
diff --git a/news.rst b/news.rst
index f45aa2a8d..7826d2cee 100644
--- a/news.rst
+++ b/news.rst
@@ -24,6 +24,10 @@ Version 1.11.35, Not Yet Released
* Allow use of custom extensions when creating X.509 certificates (GH #744)
+* The default TLS policy now requires 2048 or larger DH groups by default.
+
+* Add BSI_TR_02102_2 TLS::Policy subclass representing BSI TR-02102-2 recomendations.
+
* The default Path_Validation_Restrictions constructor has changed to
require at least 110 bit signature strength. This means 1024 bit RSA
certificates and also SHA-1 certificates are rejected by default.
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index ae200ff47..1fff936fa 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -140,8 +140,7 @@ std::string Policy::dh_group() const
size_t Policy::minimum_dh_group_size() const
{
- // Many servers still send 1024 bit
- return 1024;
+ return 2048;
}
size_t Policy::minimum_ecdsa_group_size() const
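Review bot: The new `return 2048;` in `Policy::minimum_dh_group_size()` has no comment, while the removed line recorded why the old floor was chosen (many servers still sent 1024-bit groups). This value is a security floor, and presumably a peer offering a smaller group now has its handshake refused, so I would document it, e.g. `// Refuse DH groups under 2048 bits; subclasses may override for legacy peers`. The trailing context line opens `minimum_ecdsa_group_size()`, whose body is outside the hunk.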
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 9fd3561a3..6f617c673 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -334,6 +334,61 @@ class BOTAN_DLL NSA_Suite_B_128 : public Policy
};
/**
+* BSI TR-02102-2 Policy
+*/
+class BOTAN_DLL BSI_TR_02102_2 : public Policy
+ {
+ public:
+ std::vector<std::string> allowed_ciphers() const override
+ {
+ return std::vector<std::string>({"AES-256/GCM", "AES-128/GCM", "AES-256", "AES-128" });
+ }
+
+ std::vector<std::string> allowed_signature_hashes() const override
+ {
+ return std::vector<std::string>({"SHA-384", "SHA-256"});
+ }
+
+ std::vector<std::string> allowed_macs() const override
+ {
+ return std::vector<std::string>({"AEAD", "SHA-384", "SHA-256"});
+ }
+
+ std::vector<std::string> allowed_key_exchange_methods() const override
+ {
+ return std::vector<std::string>({"ECDH", "DH", "PSK", "ECDHE_PSK", "DHE_PSK"});
+ }
+
+ std::vector<std::string> allowed_signature_methods() const override
+ {
+ return std::vector<std::string>({"ECDSA", "RSA", "DSA"});
+ }
+
+ std::vector<std::string> allowed_ecc_curves() const override
+ {
+ return std::vector<std::string>({"brainpool512r1", "brainpool384r1", "brainpool256r1", "secp384r1", "secp256r1"});
+ }
+
+ bool allow_insecure_renegotiation() const override { return false; }
+ bool allow_server_initiated_renegotiation() const override { return true; }
+ bool server_uses_own_ciphersuite_preferences() const override { return true; }
+ bool negotiate_encrypt_then_mac() const override { return true; }
+
+ size_t minimum_rsa_bits() const override { return 2000; }
+ size_t minimum_dh_group_size() const override { return 2000; }
+ size_t minimum_dsa_group_size() const override { return 2000; }
+
+ size_t minimum_ecdh_group_size() const override { return 250; }
+ size_t minimum_ecdsa_group_size() const override { return 250; }
+
+ bool allow_tls10() const override { return false; }
+ bool allow_tls11() const override { return false; }
+ bool allow_tls12() const override { return true; }
+ bool allow_dtls10() const override { return false; }
+ bool allow_dtls12() const override { return false; }
+ };
+
+/**
* Policy for DTLS. We require DTLS v1.2 and an AEAD mode.
*/
class BOTAN_DLL Datagram_Policy : public Policy
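Review bot: `minimum_rsa_bits()`, `minimum_dh_group_size()` and `minimum_dsa_group_size()` in `BSI_TR_02102_2` return 2000, which is below the 2048 DH floor this same commit sets in `Policy` and below the `minimum_rsa_bits = 2048` shown in default.txt, so choosing the BSI policy relaxes those checks rather than tightening them. If 2000 is kept to mirror the figure in the TR (bsi.txt does carry `minimum_rsa_bits=2000`), say so above the three overrides, e.g. `// 2000 follows the TR text; note Policy's own defaults are 2048`. The class comment `BSI TR-02102-2 Policy` could also state that only TLS 1.2 is accepted and both DTLS versions are disabled, since that is what the `allow_*` overrides do. The `Datagram_Policy` declaration after the class continues outside the hunk.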
diff --git a/tls-policy/BSI_TR-02102-2.txt b/src/tests/data/tls-policy/bsi.txt
index 734aea428..763c05219 100644
--- a/tls-policy/BSI_TR-02102-2.txt
+++ b/src/tests/data/tls-policy/bsi.txt
@@ -19,4 +19,4 @@ minimum_rsa_bits=2000
allow_insecure_renegotiation=false
allow_server_initiated_renegotiation=true
server_uses_own_ciphersuite_preferences=true
-negotiate_encrypt_then_mac=true \ No newline at end of file
+negotiate_encrypt_then_mac=true
diff --git a/src/tests/data/tls-policy/datagram.txt b/src/tests/data/tls-policy/datagram.txt
index e78429238..6a9819aff 100644
--- a/src/tests/data/tls-policy/datagram.txt
+++ b/src/tests/data/tls-policy/datagram.txt
@@ -17,7 +17,7 @@ server_uses_own_ciphersuite_preferences = true
negotiate_encrypt_then_mac = true
session_ticket_lifetime = 86400
dh_group = modp/ietf/2048
-minimum_dh_group_size = 1024
+minimum_dh_group_size = 2048
minimum_ecdh_group_size = 255
minimum_rsa_bits = 2048
minimum_signature_strength = 110
diff --git a/src/tests/data/tls-policy/default.txt b/src/tests/data/tls-policy/default.txt
index eb4ee245c..c96f91d96 100644
--- a/src/tests/data/tls-policy/default.txt
+++ b/src/tests/data/tls-policy/default.txt
@@ -17,7 +17,7 @@ server_uses_own_ciphersuite_preferences = true
negotiate_encrypt_then_mac = true
session_ticket_lifetime = 86400
dh_group = modp/ietf/2048
-minimum_dh_group_size = 1024
+minimum_dh_group_size = 2048
minimum_ecdh_group_size = 255
minimum_rsa_bits = 2048
minimum_signature_strength = 110
diff --git a/src/tests/data/tls-policy/strict.txt b/src/tests/data/tls-policy/strict.txt
index 2f8dfbb3d..f59aaf271 100644
--- a/src/tests/data/tls-policy/strict.txt
+++ b/src/tests/data/tls-policy/strict.txt
@@ -17,7 +17,7 @@ server_uses_own_ciphersuite_preferences = true
negotiate_encrypt_then_mac = true
session_ticket_lifetime = 86400
dh_group = modp/ietf/2048
-minimum_dh_group_size = 1024
+minimum_dh_group_size = 2048
minimum_ecdh_group_size = 255
minimum_rsa_bits = 2048
minimum_signature_strength = 110
diff --git a/src/tests/data/tls-policy/suiteb.txt b/src/tests/data/tls-policy/suiteb.txt
index 77e7ce5a0..51d8fec12 100644
--- a/src/tests/data/tls-policy/suiteb.txt
+++ b/src/tests/data/tls-policy/suiteb.txt
@@ -17,7 +17,7 @@ server_uses_own_ciphersuite_preferences = true
negotiate_encrypt_then_mac = true
session_ticket_lifetime = 86400
dh_group = modp/ietf/2048
-minimum_dh_group_size = 1024
+minimum_dh_group_size = 2048
minimum_ecdh_group_size = 255
minimum_rsa_bits = 2048
minimum_signature_strength = 128
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index cb52b349b..6922dd2a8 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -918,6 +918,8 @@ std::string tls_policy_string(const std::string& policy_str)
policy.reset(new Botan::TLS::Policy);
else if(policy_str == "suiteb")
policy.reset(new Botan::TLS::NSA_Suite_B_128);
+ else if(policy_str == "bsi")
+ policy.reset(new Botan::TLS::BSI_TR_02102_2);
else if(policy_str == "strict")
policy.reset(new Botan::TLS::Strict_Policy);
else if(policy_str == "datagram")
@@ -932,7 +934,7 @@ Test::Result test_tls_policy()
{
Test::Result result("TLS Policy");
- const std::vector<std::string> policies = { "default", "suiteb", "strict", "datagram" };
+ const std::vector<std::string> policies = { "default", "suiteb", "strict", "datagram", "bsi" };
for(std::string policy : policies)
{